FireEye Intercepts Fresh POS Malware ‘NitlovePoS’

Investigators from FireEye the security company recently spotted one fresh POS (point-of-sale) malicious program named 'NitlovePoS' that's presently hitting unwitting Internauts.

NitlovePoS gets served in different ways as per the victim's nature. The server, which harbors it, hosts many other malicious programs.

The NitlovePoS campaign involves spam mail supposedly from an individual hunting to get a job so he provides a Word file which, however, contains malevolent macro script which has a default disabled support within Microsoft Office applications.

For duping the recipient in a way he would activate the functionality, the file asserts it is protected while provides directions regarding the way to open its content. On activating the macro-script functionality, a malware installer gets mechanically introduced and executed.

According to FireEye, there are many updates to the first payload so detection can be avoided.

The company observed two payloads pulled down from a common server, which subsequently get instructions for pulling down more malware from the same server.

FireEye researchers write that when they solely examined the "pos.exe" malicious program they assumed it would strike Point-of-Sale devices. They felt that when the attackers would spot one appropriate host from amidst all victimized users, they would direct that victim for pulling down the POS malicious program. Whilst there have been several downloadable variants of the different executables i.e. EXEs the particular server hosted, the "pos.exe" had only three variants, the researchers indicate. Securityweek.com published this, May 25, 2015.

Characteristically, POS machines are contaminated with malware with the help of easy-to-guess else stolen credentials. One more way is to hijack other PCs first that have a network common with that of the terminals followed with attacking them thereafter.

Meanwhile, it is strange for finding PoS malware getting spread via spam as within the NitlovePoS instance. This shows that cyber-crooks look for exploiting situations wherein organization staff work with Windows-based point-of-sale machines for checking e-mail else carrying out other perilous operations.

Thus it's recommended that organizations train workers to use POS devices to do only what they're meant for while avoid using them for checking e-mail, surfing on the Web, conducting video games and so on.

» SPAMfighter News - 6/3/2015