More POS malware, just in time for Christmas

[Scubbie]

More POS malware, just in time for Christmas

VXers stuff evidence-purging malware in retailer stockings.


Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break.

The Cherry Picker and AbaddonPOS malware, exposed in the last week, are the latest evolution in stealthy and capable point of sales credit and debit card plundering.

Cherry Picker has been targeting retail businesses since 2011 and now sports new anti-analysis tricks, persistence mechanisms, and better card ripping functionality.

Trustwave researcher Eric Merritt says the malware is expert at wiping evidence of itself after an attack has occurred, overwriting files multiple times and removing data exfiltration locations.

The memory-scraping malware runs on Windows platforms including Windows 7 and the hard-to-kill XP, running remote administration services.
It targets retailers in the food industry running any POS software.

Proofpoint's contribution to the bad news was its description of the Abaddon point of sales malware, which also sports anti-analysis, obfuscation, and wiping tricks.

The researchers found Abbadon on seven client networks that had been delivered after a Vawtrak infection.

"On October 8, Proofpoint researchers observed Vawtrak downloading TinyLoader … which then downloaded AbaddonPOS," the researchers say.

"The practice of threat actors to increase their target surfaces by leveraging a single campaign to deliver multiple payloads is by now a well-established practice," the researchers say.

"While using this technique to deliver point of sale malware is less common, the approach of the US holiday shopping season gives cybercriminals ample reason to maximise the return on their campaigns."

PoS malware will be further challenged as the United States deploys EMV credit card technology, notably when crucial PIN features are used in place of antiquated signatures.

[marjohn56]

It's about time the US started using PIN technology.

I quite like the contactless tech, although I have invested in a wallet that has shields in it so I have to take the card out of the wallet to use it.

[coipu]

Yeah I gotta safe wallet too

[marjohn56]

Yes, that would work too...

Personally, I prefer not to have bits of tin foil falling from my wallet when I open it. There's enough junk, receipts etc, in there already!

[coipu]

Foil is awesome, with some duct tape and wd40 all of life's problems are sorted.

Sent from my Nexus 6P using Tapatalk

[marjohn56]

You forgot the string.... very useful.

Desert Island survival pack.... now there's a topic for an interesting thread.

[marjohn56]

Foil is awesome, with some duct tape and wd40 all of life's problems are sorted.

Seems like the BBC agree with you...

Tips to boost your wi-fi connection - BBC News

[Isitme]

Seems like the BBC agree with you...

Tips to boost your wi-fi connection - BBC News

Nobody told her the Sky router is not designed to be used lying flat

[marjohn56]

Nobody told her not to use a Sky router full stop.