Biometric data stolen from corporate lunch rooms system

A US payment kiosk vendor has been stung by malware scum.

Avanti Markets helps employers monetise the lunch-room and get rid of counter-service, going beyond a simple vending machine to cover the whole sandwiches-fruit-drinks-junk-food with one payment system.

Last week, as first spotted by Brian Krebs, the company posted this breach notice.

The outfit explains it's telling people their personal information, payment card data, and maybe biometric data, is at risk.

The biometrics in question seem to be fingerprints, since that's what the company pitches as a payment convenience and security feature.

The breach – a malware infection on “some Avanti Markets” – meant the attackers got access to customer information on infected machines.

As well as payment card and biometric data, the company says names and e-mail addresses may have been scraped by the malware scum.

Avanti Markets says it's notified law enforcement, including the FBI, has kicked off an internal investigation and changed its passwords, blocked payment processing at affected locations while it cleans the machines, and will offer affected individuals free credit monitoring and a call centre helpline.

According to this post by Risk Analytics, the infection uses the PoSeidon malware, which scrapes its targets' memory and fires the data back to its (presumably) Russian operators.

In February 2016, Kaspersky claimed that PoSeidon's masters seemed to have operated since around 2005.

Risk Analytics believes the malware started out with the larger vendor (which it doesn't name as Avanti) but also ran through some of its local VARs.

The infosec bods say the traffic they identified matched Cisco's 2015 analysis of PoSeidon and uses the same SSL certificate as Cisco saw.

Brian Krebs' full post is here. ®