Retailers of US are Alerted after Detection of Serious PoS Malware

infosecurity-magazine.com reported on 24th November, 2015, that security researchers at iSIGHT Partners, a cyber threat intelligence firm, are warning about a major new and sophisticated POS malware framework that could wreak havoc among US retailers as they head into the busy holiday shopping season.

The malware, known as "ModPOS", has already targeted US retailers, and is most likely being used elsewhere as well in attempts to harvest card details.

According to the firm, it has already notified many retailers and payment firms. It is also working with the Retail Cyber Intelligence Sharing Center (R-CISC) to help stop the further spread of the POS malware.

The firm explained that "the actors behind the ModPOS software have shown a very professional level of expertise in developing the software, and created a complex, highly functional and modular code base that places a very heavy emphasis on obfuscation and persistence, thus making ModPOS go undetected by many types of modern security defenses".

Analysis was difficult because the technical details differ for each target, which ModPOS' versatile and modular structure makes possible.

Uploader/Downloader, POS Scraper and Keylogger are the three main modules of ModPOS, which provide basic RAM scraping, exfiltration and communication functionality.

If debit/credit card data, or any other type of data sent from an initially infected device, is judged to be valuable, the malware's C&C server instructs the downloader to fetch additional modules chosen according to the technical makeup of the infected system.

Other modules provide functionality for querying local processes and system settings, viewing and inspecting the local network, and collecting username and password information for local and domain accounts.

All modules are packed kernel drivers, which also use encryption and obfuscation to evade security software. According to iSIGHT, antivirus products from only one vendor detected the Uploader/Downloader module, and even that detection flags it as a low-severity risk.

So far, the one bright spot about this malware is that its makers are neither selling it on underground forums nor distributing it to the public.

csoonline.com reported on 24th November, 2015, quoting Maria Noboa, Senior Threat Analyst of iSIGHT, as saying "this indicates that the authors are holding it close to their chest because it's a profit center for them".

» SPAMfighter News - 12/1/2015
