Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Woolworths joins SA's grocery AI race - but you'll wait for it

      Woolworths joins SA’s grocery AI race – but you’ll wait for it

      13 July 2026
      Industry to Icasa: punish municipalities that stall network roll-out

      Industry to Icasa: punish municipalities that stall network roll-out

      13 July 2026
      AI Barometer: the best AI for every job right now

      AI Barometer: the best AI for every job right now

      13 July 2026
      Shoprite claims early win in grocery AI wars

      Shoprite claims early win in grocery AI wars

      13 July 2026
      More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

      More bad news for memory prices

      13 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » How the Dexter malware works

    How the Dexter malware works

    By Duncan McLeod17 October 2013
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    credit-card-640

    A major security breach involving the theft of South African bank account holders’ details by one or more criminal syndicates may go down as one of the worst such incidents in the country’s history. Criminals infected point-of-sale (POS) terminals in South African fast-food outlets and restaurants with a variant of malware called Dexter.

    But what is Dexter and how does it work?

    TechCentral reported on Tuesday that a variant of the Dexter malware had been inserted into POS terminals — the bank-card readers used in retail outlets and elsewhere — which criminals then used to steal customers’ account numbers. Syndicates typically use these numbers to manufacture cloned cards, which they then use in physical retail stores to buy goods and services.

    South African banks first became aware of the problem earlier this year. Local police, Interpol and Europol are now all involved in a multinational investigation to bring the syndicate or syndicates responsible for the data breach to book.

    Payments Association of South Africa (Pasa) CEO Walter Volker told TechCentral on Tuesday that the data breach, which affects most local card-issuing banks, is significant — running into tens of millions of rand.

    According to information security company Symantec, the card holders’ numbers were stolen using a Trojan that belongs to the Infostealer.Dexter family of malware.

    Wikipedia describes a Trojan as a “hacking program that is a non-self-replicating type of malware that gains privileged access to the operating system [of a device] while appearing to perform a desirable function”. In reality it contains a “malicious payload” that often also has a “backdoor” that allows unauthorised access to the target device.

    Symantec explains that the Infostealer.Dexter Trojan reads the content of an infected POS terminal’s memory, “looking for data from track one and two of the magnetic stripe on the back of bank cards”.

    “The malware then uploads the data to the attackers’ remote servers,” it explains. “While customers’ card verification value (CVV) numbers or Pins were unaffected by the breach, cyber criminals could use the rest of the stolen data to clone bank cards or may sell the information on underground forums.”

    Pasa’s Volker told TechCentral on Tuesday that authorities had already picked up incidents of South African card numbers, compromised by the Dexter variant-infected POS terminals, being used to make in-store purchases in the US. This had led to arrests.

    Denis Makrushin, technology positioning manager at Moscow-based security specialist Kaspersky Lab, says that this type of activity, involving POS terminals, is “relatively rare” worldwide. However, cyber criminals are “always on the lookout for new opportunities”.

    “Skimming card details is not a million miles away from [what’s happened], though conceptually the difference here is access to a bulk of information in one fell swoop,” Makrushin says. “It may be harder to do, but the motivation lies in the fact that the rewards are significantly bigger.”

    A similar incident occurred in October 2012, when criminals gained access to POS devices in retailer Barnes and Noble in the US to steal credit card information, Makrushin adds. The largest numbers of this type of malware infection are in the US.

    He says an “endpoint-security solution” must be installed on each POS terminal to prevent the potential theft of customer information.

    “The malware uses standard techniques such as ‘process-injecting’ and sending data to a remote server, so the security solution should have antivirus and firewall features … and any payment information — the card holder’s name, card number, CVV number — should be encrypted in processing on the terminal.”

    Andrew Kirkland, regional director at Trustwave, explains that the Dexter malware targets Windows-based POS terminals and steals track data from magnetic stripes and sends this to central command-and-control servers.

    “This latest breach demonstrates why all businesses, including franchises, cannot overlook security,” Kirkland says. He cites Trustwave research that shows the primary targets of cyber criminals in 2012 were retail (45%), food and beverage (24%) and hospitality (9%).

    “There are several contributing factors to this continuing trend, such as the fact that the sheer volume of payment cards used in these industries makes them obvious targets, as well as the fact that the main focus of organisations operating in these spaces is customer service, not data security,” he says.  — (c) 2013 NewsCentral Media

    • SA banks in massive data breach
    • Bank cards data breach: Pasa statement
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Andrew Kirkland Denis Makrushin Dexter Dexter malware Kaspersky Kaspersky Lab Pasa Payments Association of South Africa Symantec Trustwave Walter Volker
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleApple brings iTunes vouchers to SA
    Next Article The changing shape of African telecoms

    Related Posts

    Finding focus: a strategic approach to cybersecurity for SMBs - Kaspersky

    Finding focus: a strategic approach to cybersecurity for SMBs

    6 July 2026
    Kaspersky's blueprint for industrial cyber resilience

    Kaspersky’s blueprint for industrial cyber resilience

    25 June 2026
    The new reality of enterprise security: scaling resilience amid complexity - Kaspersky

    The new reality of enterprise security: scaling resilience amid complexity

    17 June 2026
    Company News
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    The best way to automate customer engagement using AI and WhatsApp - CM.com

    The best way to automate customer engagement using AI and WhatsApp

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Woolworths joins SA's grocery AI race - but you'll wait for it

    Woolworths joins SA’s grocery AI race – but you’ll wait for it

    13 July 2026
    Industry to Icasa: punish municipalities that stall network roll-out

    Industry to Icasa: punish municipalities that stall network roll-out

    13 July 2026
    AI Barometer: the best AI for every job right now

    AI Barometer: the best AI for every job right now

    13 July 2026
    Shoprite claims early win in grocery AI wars

    Shoprite claims early win in grocery AI wars

    13 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}