Remember how Target was struck by malware that caused it to give up details of 40 million credit and debit cards? Well, turns out that Home Depot's recent security lapse was a result of the exact same hack.
Krebs on Security reports that last week's Home Depot hack was "aided in part by a new variant of the same malicious software program that stole card account data from cash registers at Target last December." A source involved with the investigation claims that the store was hit by a new variant of "BlackPOS", which siphons data from cards that are swiped at infected point-of-sale systems running Microsoft Windows. An older version of the same malware was used against Target.
The new malware is apparently rather smarter than previous iterations. Krebs explains:
[T]he updated version, which it first spotted on Aug. 22, sports a few notable new features, including an enhanced capability to capture card data from the physical memory of infected point-of-sale devices... the new version also has a feature that disguises the malware as a component of the antivirus product running on the system.
Details garnered from the investigation of BlackPOS also apparently suggest that "the Home Depot breach may involve compromised store transactions going back at least several months." If that's true, the hack could be incredibly widespread by now. The advice remains the same: If you recently made a trip to Home Depot, you may want to call your bank to make sure your card information is secure. [Krebs on Security]
Image by Mike Mozart under Creative Commons license