Researchers Discover Two New Strains of POS Malware

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Point of sale malware has gotten more sophisticated as we inch closer to the two-year anniversary of the Target data breach. Now, two weeks from the biggest shopping day of the year, two new and different strains of point of sale malware have come to light, including one that’s gone largely undetected for the past five years.

Researchers with Trustwave described Cherry Picker, a set of PoS malware that in one form or another has been targeting businesses that sell food and beverage since 2011. The malware has managed to stay covert all these years by using a special mix of configuration files, encryption, obfuscation, and command line arguments.


- See more at: Researchers Discover Two New Strains of POS Malware
 

soccer97

Level 11
Verified
May 22, 2014
517
Near the exact timing of the previous breaches. Maybe we should pay with cash more... (or would Android/Apple Pay protect us to some extent (changing encrypted token)?)
 

LabZero

New POS malware with references to old code, with some new implementations.

They use a list of known executable files (related to POS) that vendors install on the PC to determine which processes to scan for data.
Using standard calls to the Windows API, the malware creates a list of running processes to find a default list of executable files and processes.
Once the malware locates a target process, it checks the process's pages and starts looking for patterns (leading and trailing characters) indicating the presence of credit card information.
At a pre-defined time, files from all infected systems are copied to a compromised server that sends the data out (via FTP or other application-level protocols).
 

soccer97

Level 11
Verified
May 22, 2014
517
> New POS malware with references to old code, with some new implementations.
>
> They use a list of known executable files (related to POS) that vendors install on the PC to determine which processes to scan for data.
> Using standard calls to the Windows API, the malware creates a list of running processes to find a default list of executable files and processes.
> Once the malware locates a target process, it checks the process's pages and starts looking for patterns (leading and trailing characters) indicating the presence of credit card information.
> At a pre-defined time, files from all infected systems are copied to a compromised server that sends the data out (via FTP or other application-level protocols).


I wonder if they (the establishment, retail/foodservice) could periodically monitor the SHA-1/MD5 file properties of the POS/Payment and Credit Card terminals to check if they have been modified. This would be a large undertaking; however, if it worked, it could save millions in the long run. (Sort of similar to SFC, but it would likely have to be remotely checked. Store by store would be way too expensive.)
 
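The periodic hash check soccer97 proposes, written out as an added example (not code from the thread or from any POS vendor): it baselines every file under a terminal's application directory and reports modified, missing and added files on the next check. SHA-256 is used here instead of MD5/SHA-1, and the directory and file names are constructed placeholders.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# The directory layout below stands in for a POS terminal's application folder.
# All sample files are constructed placeholders, not real vendor binaries.

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map each file (relative to root) to its digest: the known-good state."""
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root: Path, baseline: dict) -> dict:
    """Compare the terminal's current files against the stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }

def demo() -> dict:
    """Constructed scenario: baseline a clean terminal, then simulate tampering."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "pos_app.exe").write_bytes(b"clean POS application binary (constructed)")
        (root / "config.ini").write_text("[payment]\nprocessor=example\n")
        # A central server would keep this baseline and pull fresh digests from each store.
        baseline_json = json.dumps(build_baseline(root), indent=2)
        # Simulate tampering: the application binary is replaced and a new file appears.
        (root / "pos_app.exe").write_bytes(b"replaced binary (constructed)")
        (root / "dropped.dll").write_bytes(b"unexpected new file (constructed)")
        return verify(root, json.loads(baseline_json))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The remote check the post describes is the split between `build_baseline` running on each terminal and `verify` comparing the collected digests against the copy held centrally.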

LabZero

> I wonder if they (the establishment, retail/foodservice) could periodically monitor the SHA-1/MD5 file properties of the POS/Payment and Credit Card terminals to check if they have been modified. This would be a large undertaking; however, if it worked, it could save millions in the long run. (Sort of similar to SFC, but it would likely have to be remotely checked. Store by store would be way too expensive.)

Good point and I think the data security system should be designed specifically to protect highly sensitive information and conduct analysis of internal network communications and external connections. This can help to identify outliers in communications both incoming and outgoing.

Ensuring end-to-end encryption would be highly effective but expensive.
 
