By Charles Leaver

Chewbacca malware: From Tor networks to retailer attacks

The culprit in the recent rash of retailer attacks has been identified as malware named after a widely recognized, hairy Star Wars character. According to the International Business Times, the Chewbacca malware strain was utilized to steal sensitive information from 45 retailers in 11 different countries.

As of the end of January, the malware had stolen data from 24 million payment card transactions within two months and had been behind Target’s well-publicized data leakage event, the source reported. Chewbacca’s widespread attacks began October 25, 2013, and included not only Target but also other retailers in the U.S., Canada, Australia, Russia and several other countries.

The International Business Times reported that experts have not yet announced how the malware was installed on the computer systems linked to cash registers, where the attacks initially took place. The Chewbacca sample is typically spread through phishing emails that trick unsuspecting users into installing the malware by clicking on a malicious link.

During a PC infection, Chewbacca poses a considerable threat to endpoint security by recording all keyboard inputs and open windows on the machine. In the retailer attacks, the sample scanned the register’s memory to gain access to sensitive payment card information.

This is not the first time this particular sample has entered the limelight. Chewbacca first emerged in December 2013, when researchers discovered the sample on an underground cybercrime platform, InformationWeek stated. At the time, the malware primarily infected PCs, dropping a version of Tor on the affected endpoint to log keystrokes and transmit data to the botnet controllers through the network.

InformationWeek contributor Mathew Schwartz noted that the malware authors are no doubt fans of the Star Wars films, and also included other pop culture references in the sample.

“Beyond just borrowing the malware’s nomenclature from George Lucas, accessing the login interface for the malware’s command-and-control network shows that whoever built the malware also lifted their log-in imagery from ‘A Game of Clones,’ which is free Star Wars and Game of Thrones mashup wallpaper created by artist Andrew Spear,” Schwartz wrote.
