Antivirus companies have recently discovered a virus aimed at infecting QIWI payment system terminals. Analysis of the virus’s code showed that it was intended to penetrate the terminal’s operating system (Windows) and change the account number to where money is being transferred.
The virus has been given the name Trojan.PWS.OSMP.
It was not discovered in the terminals themselves but openly on the internet (only their owners have access to the terminals), so it is impossible to describe the level of danger posed. All that can be confirmed is that the virus exists and it can only infect terminals manually, through physical access to the device.
Shortly afterwards a modification to the virus was discovered, also aimed at payment terminals. However, it works differently. It tries to steal the terminal’s configuration files, which would theoretically give criminals the possibility to take money by imitating the terminal on their own computer.
The company that runs QIWI announced that this is already the 20th version of this virus and nothing particularly new. It was discovered and neutralised by the terminals internal antivirus system on 20 February and does not pose any danger at all.
Payment system representatives explained that their terminals use an effective multilevel defence system, which stops viruses from causing serious damage. Any account which receives a large number of transfers from different sources is checked by specialists and can be blocked. In addition, the terminals defence system would not allow anyone to imitate their signal, even if configuration files and encryption keys were obtained.