- Jul 22, 2014
A new POS (Point of Sale) malware family is targeting payment systems in the US and Canada. Called MajikPOS, this new strain features a modular design and supports many features often found in RATs (Remote Access Trojans), allowing crooks to scout victims and select which systems they want to infect.
Detected by the Trend Micro team, the malware was picked up on security scanners for the first time around January 28, 2017. Nonetheless, newly unearthed evidence revealed MajikPOS first infected systems between August and November 2016.
How MajikPOS infects systems
According to researchers, the malware authors scanned for open VNC and RDP ports and used brute-force attacks to guess weak credentials.
After they breached one of these random networks, they downloaded and installed MajikPOS. For downloading the malware, Trend Micro says attackers used different techniques, ranging from VNC, RDP and RAT access to command-line FTP and even a modified version of the Ammyy Admin remote control software package.
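The initial access described above (Internet-exposed RDP/VNC plus weak credentials) leaves a very recognisable trail in the Windows Security log: a burst of failed logons (event 4625) from one source address, followed by a success (4624) from that same address. The following detector is an added example, not code from the article or from Trend Micro's report; the one-line-per-event log format and the IP addresses are constructed for the example, and the five-failures-in-60-seconds threshold is an assumption that a real deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified one-line rendering of Windows Security events
# 4625 (failed logon) and 4624 (successful logon). Logon type 10 is
# RemoteInteractive (classic RDP); RDP with Network Level Authentication
# records failures as logon type 3 instead, so both are accepted below.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<eid>462[45]) LogonType=(?P<ltype>\d+) "
    r"SrcIP=(?P<ip>\S+) User=(?P<user>\S+)$"
)

# Constructed sample: a password-guessing run from 203.0.113.7 that ends
# in a successful logon, one stray failure from 198.51.100.9, and a
# normal logon from 192.0.2.5 (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2017-01-28T03:14:01Z 4625 LogonType=10 SrcIP=203.0.113.7 User=administrator
2017-01-28T03:14:04Z 4625 LogonType=10 SrcIP=203.0.113.7 User=admin
2017-01-28T03:14:07Z 4625 LogonType=10 SrcIP=203.0.113.7 User=pos
2017-01-28T03:14:10Z 4625 LogonType=10 SrcIP=203.0.113.7 User=posadmin
2017-01-28T03:14:13Z 4625 LogonType=3 SrcIP=198.51.100.9 User=backup
2017-01-28T03:14:16Z 4625 LogonType=10 SrcIP=203.0.113.7 User=posadmin
2017-01-28T03:14:19Z 4625 LogonType=10 SrcIP=203.0.113.7 User=posadmin
2017-01-28T03:14:25Z 4624 LogonType=10 SrcIP=203.0.113.7 User=posadmin
2017-01-28T03:20:00Z 4624 LogonType=10 SrcIP=192.0.2.5 User=cashier1
""".splitlines()


def parse_event(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["eid"] = int(ev["eid"])
    return ev


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for sources with >= threshold remote-logon failures inside
    a sliding window, and for any later successful logon from such a source.

    threshold and window are assumed values for the example; tune them to the
    environment (a busy jump host will look different from a single POS box)."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()                 # sources already reported as brute-forcing
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["ltype"] not in ("10", "3"):
            continue  # ignore local/console logons and unparseable lines
        ip = ev["ip"]
        if ev["eid"] == 4625:
            q = failures[ip]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, len(q), ev["ts"]))
        elif ev["eid"] == 4624 and ip in flagged:
            # A success after a flagged guessing run is the interesting event:
            # the account named here is the one the attacker now holds.
            alerts.append(("success_after_bruteforce", ip, ev["user"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Against the sample log this reports the guessing run from 203.0.113.7 at the fifth failure and then the successful `posadmin` logon from the same address a few seconds later, while the single failure from 198.51.100.9 and the cashier logon stay silent. The "success after brute force" alert is the one worth paging on: it is the point at which the attackers in the article would have started pulling down their tooling.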
Following this point, the malware gathered information on each victim, and using modules specific to RATs, allowed crooks to scan for local computers handling financial details.
When attackers found workstations handling POS data, the MajikPOS malware would download a memory-scraping module that would monitor the device's RAM for anything that resembled payment card data.
This memory scraping module would collect payment card data entered in the POS software and would send this information to its C&C server.
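What a POS RAM scraper actually looks for is magnetic-stripe track data sitting unencrypted in the payment application's memory: Track 1 (`%B<PAN>^<NAME>^<YYMM>...?`) and Track 2 (`;<PAN>=<YYMM>...?`), with the PAN checked against the Luhn formula to throw away false matches. The code below is an added example of that scraping logic, written for this page and not taken from MajikPOS or from Trend Micro's analysis; the memory buffer is constructed and uses the well-known 4111 1111 1111 1111 test PAN. Defenders use the same patterns the other way round, for example as a YARA or DLP rule over process memory dumps or outbound traffic.

```python
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z /.]{2,26})\^(\d{4})\d{3}[^?]{0,40}\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})\d{3}[^?]{0,20}\?")

# Constructed stand-in for a region of a POS process's memory: two real-looking
# tracks for a Luhn-valid test PAN, plus one Track 2 record whose PAN fails Luhn
# (a digit string that merely looks like a card number).
SAMPLE_MEMORY = (
    b"\x00\x00order=1742;lane=03\x00"
    b"%B4111111111111111^DOE/JOHN^25121010000000000?"
    b"\x00\x00\x00tender=CREDIT\x00"
    b";4111111111111111=25121010000000000000?"
    b"\x00log\x00"
    b";4111111111111112=25121010000000000000?"
    b"\x00\x00"
)


def luhn_ok(pan: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrape_tracks(buf: bytes):
    """Return Luhn-validated Track 1 and Track 2 records found in a byte buffer.

    This is the core of a RAM scraper: regex over raw memory, then Luhn to cut
    the false positives that any 13-19 digit run would otherwise produce."""
    found = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            found.append({"track": 1, "pan": pan,
                          "name": m.group(2).decode().strip(),
                          "exp": m.group(3).decode()})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            found.append({"track": 2, "pan": pan, "exp": m.group(2).decode()})
    return found


def mask_pan(pan: str) -> str:
    """PCI-style masking (first six, last four) for safe logging of a hit."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for rec in scrape_tracks(SAMPLE_MEMORY):
        print(rec["track"], mask_pan(rec["pan"]), rec.get("name", ""), rec["exp"])
```

Run against the sample buffer it returns the Track 1 and Track 2 records for the valid PAN and silently drops the third record, whose PAN ends in 2 and fails Luhn. Two practical notes: a scraper (or a scanner hunting for one) runs this over every readable region of the target process, so the regexes are deliberately anchored on the `%B`/`;` sentinels and `?` terminator to keep the search cheap, and anything that logs hits should go through `mask_pan` so the detection tooling does not itself become a store of card data.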
MajikPOS stolen data sold on specialized dump shops
More details in the link above