CBS Evening News

Retail store malware pinpointed in holiday hacking attacks

By Wyatt Andrews

January 16, 2014 / 7:09 PM EST / CBS News

Retail store malware identified; how it was apparently used to steal credit info

A private company revealed Thursday how, apparently, hackers were able to hit Target at the height of the holiday shopping season. Forty million credit and debit card accounts were compromised and as many as 70 million customers had their personal information stolen.

The private security firm iSight Partners reports that computer hackers are using a type of malware, or malicious software called KAPTOXA to steal credit card information where customers swipe or enter their credit card information.

CBS

While the report does not mention Target specifically, law enforcement sources say the theft at Target helped investigators track and identify the malware. But it’s not just Target. The report says multiple retailers are being attacked and calls this form of KAPTOXA among the most dangerous ever used.

Tiffany Jones, vice president of iSight Partners spoke to CBS News by phone. She said, “What's unique about it is, it's the first time we've seen this attack at this scale and sophistication in terms of the overall operation of cyber criminals.”

CBS

The iSight report confirms this malware knows how to cover its tracks. Jones said, “The particular variant of malware that we talk about was not detectable by typical antivirus solutions.”

In a separate report, the Department of Homeland Security released a set of technical instructions alerting the nation’s retailers how to detect and stop this malware, but officials are concerned some retail chains are still under attack and don't know.

Wyatt Andrews

Wyatt Andrews is a CBS News National Correspondent based in Washington D.C. He is responsible for tracking trends in politics, health care, energy, the environment and foreign affairs.

More from CBS News