FrameworkPoS Malware Returns with New Attacks on SMBs in Chicago, Hawaii

A

Alkajak

Thread author
Security experts from Anomali Labs have revealed they've detected new versions of FrameworkPoS, one of the oldest PoS malware pieces on the market, in attacks against US-based small businesses.

According to telemetry data, the company says that the crooks managed to steal the Track 2 data from at least 300 credit cards, most of them from businesses in Honolulu, Hawaii, and the city of Chicago.

The researchers claim that this could be the sign of an upcoming large-scale FrameworkPoS, like the ones seen in late 2014 by G Data and late 2015 by Trustwave and FireEye.

FrameworkPoS is also one of the two malware families used in the infamous FIN6 operation detected last year, during which crooks stole 20 million credit card details from over 2,000 PoS systems, creating damages of $400 million (€355 million).

The scale at which the crooks operate is small for now, but researchers note that they expect the campaign to pick up in the upcoming future.

Anomali also points out that the group behind this recent wave of connections was registering domain names employed for the command centers in use today as early as July 17, 2015. Even if there's proof that the group has been active for a long time, there's no evidence to link them to the previous campaigns.

Full Article: FrameworkPoS Malware Returns with New Attacks on SMBs in Chicago, Hawaii
 
  • Like
Reactions: Jrs30

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top