New POS Malware Uses Mailslots to Ferry Stolen Data

Security researchers at Morphick, a security company based in Cincinnati, recently found a new point-of-sale (POS) malware known as LogPOS that uses Microsoft Windows mailslots to send stolen credit card data to the attackers' command-and-control (C&C) server, scmagazine.com reported on March 9, 2015.

According to Morphick security investigator Nick Hoffman, malware using the mailslot technique is not unheard of, since earlier APT attacks are known to have exploited the mechanism; a POS malware using it, however, is a first, scmagazine.com reported.

Microsoft describes a mailslot as a mechanism for one-way inter-process communication (IPC) through which software can store messages that the owner of the mailslot can retrieve. In this instance, the LogPOS creators have used the mechanism to store and then collect credit card information, Hoffman explains.

He adds that because LogPOS injects code into various processes and has each process search its own memory, the malware cannot use a log file, as the processes cannot all open the same file with write access at the same time. LogPOS therefore uses mailslots instead.

Provided LogPOS is able to create a mailslot, it checks processes against a whitelist, injects code to intercept the processes, scans for credit card data, validates that data, and sends it to the mailslot and on to a remote website.
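The design described above leaves a pattern a defender can look for: several otherwise unrelated processes holding a handle to the same mailslot. The following is an added example, not code from Morphick or from the original article; the inventory format, process names and mailslot names are constructed, and the only platform detail assumed is that mailslots appear under the NT object path prefix `\Device\Mailslot\`.

```python
import re
from collections import defaultdict

# Constructed sample: "pid,process,object_path" rows, as a handle inventory
# might be exported from an endpoint. The format and every value are assumptions.
SAMPLE_HANDLES = r"""
412,spoolsv.exe,\Device\Mailslot\example_slot
1320,pos_frontend.exe,\Device\Mailslot\example_slot
2044,explorer.exe,\Device\Mailslot\example_slot
2980,updater.exe,\Device\Mailslot\example_slot
2980,updater.exe,\Device\HarddiskVolume2\Temp\update.log
3112,inventory_agent.exe,\Device\Mailslot\inventory_sync
640,inventory_ui.exe,\Device\Mailslot\inventory_sync
garbage line without the expected fields
""".strip().splitlines()

# Object paths that name a mailslot; everything after the prefix is the slot name.
MAILSLOT_RE = re.compile(r"^\\Device\\Mailslot\\(?P<name>.+)$", re.IGNORECASE)


def parse_handles(lines):
    """Yield (pid, process, mailslot_name) for rows that reference a mailslot."""
    for line in lines:
        parts = line.split(",", 2)
        if len(parts) != 3 or not parts[0].strip().isdigit():
            continue  # skip malformed rows instead of failing the whole run
        match = MAILSLOT_RE.match(parts[2].strip())
        if match:
            yield int(parts[0]), parts[1].strip().lower(), match.group("name").lower()


def mailslot_fan_in(lines, min_processes=3, allowlist=()):
    """Return {mailslot: sorted process names} for slots held by many processes."""
    holders = defaultdict(set)
    for pid, process, slot in parse_handles(lines):
        holders[slot].add((pid, process))
    allowed = {name.lower() for name in allowlist}
    return {
        slot: sorted(process for _, process in procs)
        for slot, procs in holders.items()
        if slot not in allowed and len(procs) >= min_processes
    }


if __name__ == "__main__":
    for slot, processes in mailslot_fan_in(SAMPLE_HANDLES).items():
        print(f"review mailslot '{slot}': held by {', '.join(processes)}")
```

The threshold and allowlist need tuning per environment, since legitimate software also uses mailslots.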

Hoffman and co-worker Jeremy Humble noticed that the destination to which the malware sends stolen data is not even password protected, which suggests the malware's creator is probably still testing the code, threatpost.com reported on March 3, 2015.

At the same time in 2014, web users were in the midst of gigantic data breaches: they were still feeling the impact of the huge Target breach of 2013 when newer hacks of the Neiman Marcus and Michaels stores hit the news.

Since then, well-known malware such as Backoff, with extensive exfiltration and data-stealing capabilities, has become a favorite of cyber-attackers targeting point-of-sale devices. Against this backdrop, retail breach disclosures in 2015 have probably been comparatively quiet, although POS malware developers have not stopped quietly fine-tuning their wares.

» SPAMfighter News - 3/17/2015
