Proofpoint Security Company Intercepts AbaddonPOS Malware

Proofpoint the security company is cautioning of the risks associated with point-of-sale (POS) malware with the discovery during early-October of one fresh POS malware namely AbaddonPOS, published eweek.com dated November 15, 2015.

According to the company's researchers, the malware was detected when it was downloaded during an infection incident from the banking Trojan Vawtrak.

Within that incident, Vawtrak pulled down an installer -TinyLoader that in turn pulled down one more installer that pulled down shellcode which converted into Abaddon.

According to Vice-President of Threat Operations Kevin Epstein with Proofpoint, the AbaddonPOS malicious program is the most recent within numerous advanced POS-targeting malicious programs thus far. Threatpost.com reported this, November 13, 2015.

Epstein describes AbaddonPOS as being anti-analytic and capable of obfuscating code, locating credit card info, having persistence and featuring a custom framework to exfiltrate data. The malware's sophistication compared to earlier malware programs keeps on rising, he says.

Vawtrak is the sole medium security investigators observed AbaddonPOS spreading. According to Epstein, Proofpoint has further observed twin more propagating means for the malicious program. Within one an end-user rounds up everything being struck with AEK (Angler Exploit Kit) that utilizes one Web-browser exploit for taking down Bedep that subsequently pulls down Abaddon. Within the other, one Microsoft Word file that has been rigged pulls down Pony Loader that subsequently pulls down Vawtrak that in turn pulls down TinyLoader.

Threat actors, who repeatedly do to augment surfaces where upon to target attacks, execute one sole campaign for serving several payloads one well-established practice by now. Whereas this methodology for distributing POS malware isn't so frequent, the holiday shopping time in USA provides cyber-criminals plentiful opportunities for getting the maximum revenue from their campaigns via the distribution of fresh and strong POS malware capable of seizing payment card transactions that the Internet shoppers conduct.

Now similar as AbaddonPOS, another POS malware that Trustwave recently analyzed is "Cherry Picker" which's still undetectable since 2011 because of its advanced working as well as its utilization of one cleaner, which makes the device clean again post data-theft. Different from AbaddonPOS, Cherry Picker is solely utilized within extremely targeted assaults.

» SPAMfighter News - 11/19/2015