PoSeidon New Malware Family Targets Retailers Payment Systems
Security researchers have discovered a new family of sophisticated point-of-sale (PoS) malware, capable of stealing credit and debit card data from retailers’ payment systems. Dubbed “PoSeidon,” the malware program scrapes memory from infected machines in search of valid credit card information, and stealthily exfiltrates the data to servers – the majority of which are hosted on Russian (.ru) domains.
“At a high level, it starts with a Loader binary that upon being executed will first try to maintain persistence on the target machine in order to survive a possible system reboot,” explained the researchers in a blog post.
The loader then contacts a command and control (C&C) server, which responds by sending a URL containing another binary, FindStr, to download and execute. A keylogger is installed, and begins scanning the memory of the PoS device for number sequences of potential credit card numbers.
Next, the numbers are verified as payment card numbers using the Luhn algorithm. Keystrokes and credit card numbers are then encoded and sent to an exfiltration server.
According to the security researches, the keylogging feature could have been used to steal passwords, and may have been the initial infection vector.
PoSeidon is seen to resemble the capabilities of the infamous Zeus baking Trojan, as well as BlackPOS – the malware responsible for the massive breach at Target in 2013, and the Home Depot compromise last year.
“PoSeidon is another in the growing number of Point-of-Sale malware targeting PoS systems that demonstrate the sophisticated techniques and approaches of malware authors,” said the researchers.
As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families, warned the security team.
Network administrators are advised to remain vigilant and adhere to industry best practices to mitigate advanced malware threats.
The post PoSeidon: New Malware Family Targets Retailers’ Payment Systems appeared first on The State of Security.
MailShark
Free anti-spam service
Free email filter service
Related MailShark Articles
GamaPOS The New Point-of-Sale Malware Posted in Global Spam News
Cybercrime Week in Review 28 November 2015 Posted in Global Spam News
Attackers use email spam to infect point-of-sale terminals with new malware Posted in Global Spam News
Fresh POS Malicious Program Utilizes Mailslots Posted in Global Spam News
POS malware hits Kmart Posted in Recent Security News
Point of Sale and Malware Posted in Recent Security News
Cybercrime Week in Review 19 December 2015 Posted in Global Spam News
Cybercrime Week in Review 12 December 2015 Posted in Global Spam News
Ransomware Operation Racked Up $325M in Damages, Security Firms Say Posted in Global Spam News
Cybercrime Week in Review 24 October 2015 Posted in Global Spam News
