
Cisco Identifies a New “PoSeidon” Point-of-Sale Malware


Thehackernews.com reported on 22nd March, 2015 that security experts at Cisco's Talos Security Intelligence & Research Group have discovered a new and horrible breed of Point-of-Sale malware dubbed "PoSeidon", which the team says is more advanced and nasty than previous Point-of-Sale malware.

The malware is designed to have the capabilities of both the notorious Zeus banking Trojan and the infamous BlackPOS Trojan, which robbed millions from big US retailers such as Home Depot in 2014 and Target in 2013.

PoSeidon scrapes memory from PoS terminals to search for number sequences matching cards from major issuers such as MasterCard, Visa, Discover and Amex, and then uses the Luhn algorithm to confirm the validity of the credit/debit card numbers.
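Defenders can apply the same issuer-prefix and Luhn check to find card numbers that their own systems leave in cleartext, for example in application logs. The following is an added example, not code from the article or from Cisco's report; the issuer prefixes are simplified assumptions, the log lines are constructed, and the card values are publicly documented test numbers.

```python
import re

# Simplified issuer prefixes and lengths (assumption, not a full BIN table).
ISSUERS = {
    "Visa": re.compile(r"^4\d{15}$"),
    "MasterCard": re.compile(r"^5[1-5]\d{14}$"),
    "Discover": re.compile(r"^6011\d{12}$"),
    "Amex": re.compile(r"^3[47]\d{13}$"),
}
# 15 or 16 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){14,15}(?!\d)")

def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_unmasked_pans(text):
    """Return (line number, issuer, masked number) for each cleartext card number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            issuer = next((n for n, p in ISSUERS.items() if p.match(digits)), None)
            if issuer and luhn_valid(digits):
                masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
                findings.append((lineno, issuer, masked))
    return findings

# Constructed sample log lines; card values are public test numbers.
SAMPLE_LOG = """\
2015-03-22 10:01:12 txn=1001 pan=4111111111111111 amt=12.50
2015-03-22 10:01:15 txn=1002 pan=4111111111111112 amt=8.00
2015-03-22 10:02:03 txn=1003 track=3782 822463 10005 amt=40.00
2015-03-22 10:02:40 order_id=1234567890123456 status=ok
2015-03-22 10:03:10 txn=1004 pan=5555-5555-5555-4444 amt=3.99
"""

if __name__ == "__main__":
    for hit in find_unmasked_pans(SAMPLE_LOG):
        print(hit)
```

Line 2 fails the Luhn check and line 4 matches no issuer prefix, so only three of the five lines are reported, each in masked form.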

Researchers say that the Trojan then siphons the captured credit card information off to Russian (.ru) domains for harvesting and probably resale.

Cisco's team explained that, at a high level, PoSeidon starts with a Loader binary which, when executed, first tries to maintain persistence so that it survives a possible system reboot.

The Loader then contacts a command and control server, retrieving a URL which contains another binary to download and execute. The downloaded binary, known as FindStr, installs a keylogger and scans the memory of the PoS device for number sequences that could be credit card numbers. Once the numbers are verified as credit card numbers, the keystrokes and credit card numbers are encoded and sent to an exfiltration server.

Cisco said that the keylogger component was potentially used to steal passwords and could have been the initial infection vector.

Researchers say that PoSeidon is one of a growing number of malware families targeting POS systems, which demonstrates the advanced strategies and approaches of malware authors.

"Attackers will continue to attack POS systems and implement many complicated techniques in trying to avoid detection. Attackers will go on to invest in improvement and techniques of new malware family as long as they get good returns from the attacks on POS."

Cisco observes that network administrators must adhere to industry best practices if they intend to pose a challenge to POS malware.

» SPAMfighter News - 3/30/2015
