Dexter is malware built to steal payment card data from Point-of-Sale systems. A new version was just leaked; this is the latest updated build.
What it actually gets
- Complete Track 1 & Track 2 data from card swipes
- Card numbers entered manually
- Billing information (name, address, zip)
- Session cookies and browser details
Latest updates from the leak
- Modular PHP structure: Now appears as a “payment module” with proper comments
- Cloud C2: Uses AWS/Azure IPs rotated via domain generation
- Stealth: Writes logs to /tmp/ with random names, auto-deletes after 24h
- Anti-detection: Checks for security tools (Monit, OSSEC, cPHulk) before activating
- Mobile targeting: Now captures mobile checkout forms (Apple Pay/Google Pay proxies)
Real defenses
- File integrity monitoring on gateway.php and similar payment files
- Regular checks for unknown .exe files on web servers
- Strict FTP/SFTP access with 2FA
- Memory protection on POS systems (e.g., McAfee POS Endpoint)
- WAF rules blocking unknown PHP files in payment directories
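
A minimal sketch of the file integrity check from the first two defenses, added here as an example and not taken from any product named above: it baselines a payment directory by SHA-256 and reports files that were modified, are unknown (absent from the baseline, which covers unexpected PHP or .exe files), or have gone missing. The script name, directory and baseline path are assumptions.

```python
import hashlib
import json
import os
import sys

def sha256_file(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each path under root (relative) to a SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of following it.
                result[rel] = "symlink:" + os.readlink(full)
            else:
                result[rel] = sha256_file(full)
    return result

def compare(baseline, current):
    """Return sorted lists of modified, unknown (new) and missing paths."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "unknown": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

if __name__ == "__main__":
    # Usage: fim.py <payment_dir> <baseline.json>  (both paths are assumptions)
    root, baseline_path = sys.argv[1], sys.argv[2]
    if not os.path.exists(baseline_path):
        with open(baseline_path, "w") as f:
            json.dump(snapshot(root), f, indent=2)
        sys.exit(0)
    with open(baseline_path) as f:
        findings = compare(json.load(f), snapshot(root))
    print(json.dumps(findings, indent=2))
    # Non-zero exit lets cron or a monitoring agent raise an alert.
    sys.exit(1 if any(findings.values()) else 0)
```

Keep the baseline file off the web server or on read-only storage, and regenerate it only as part of a reviewed deploy, so that a change to the payment files cannot also rewrite the reference hashes.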

