The outdoor clothing store retailer, Eddie Bauer, was the latest victim of a point-of-sale malware that stole credit card information. Eddie Bauer has admitted that its 350 of its stores in the US and Canada may have been affected by the attack. The notice states the cardholder names, payment card numbers, security codes and expiration dates may have been extracted by the malware, but purchases over its online retail services were not affected.
Earlier versions of this Trojan exist, such as BackDoor.TeamViewer.49, but it only allowed them to spy on traffic by downloading a malicious library that’s installed on the target machine. However, the latest version uses the TeamViewer application itself to spy on the victim, but also steals information by having the Trojan load a malicious library with the same name TeamViewer would normally load, and disabling any error messages that appear.
The geographical areas in which the Trojan is targeting seems to be shifting. For example, it was targeting systems in Britain and Spain, but now is moving to the US in August. Additionally, there have been reports of it in Russia.
References: TeamViewer Trojan Makes it Spy on You | Backdoor Trojan Uses TeamViewer Components to Spy on PCs in Europe, Russia, US | Trojan Affecting TeamViewer Comes Knocking on European and US Doors
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.