New BlackPOS variant masquerades as AV service
Posted on 02.09.2014
Before the Backoff point-of-sale malware received the attention it deserved, the main player in the PoS malware field was BlackPOS (also known as Kaptoxa), the memory-scraping malware used in the Target breach.

Other malware based on BlackPOS has also been analyzed, and new versions keep turning up, which is not wholly unexpected, as the original's source code was leaked online in 2012.

Trend Micro researchers have news about the latest version, which they dubbed Memlog. Unlike previous versions, which registered themselves as a system service used by the target company, Memlog disguises itself as an installed service of known AV vendor software in order to avoid detection.
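As an added example (not from the Trend Micro write-up), a small Python detector for the service-masquerading trick described above: it parses constructed Windows Service Control Manager 7045 ("a service was installed") events and flags a newly installed service whose name looks like AV software but whose binary lives outside the directories a genuine AV install would use. The flattened log format, the AV keyword list and the trusted directories are assumptions for this example.

```python
import re
from typing import List, NamedTuple, Optional

# Assumption: terms that make a service name look like AV software.
# Extend with the products actually deployed in your fleet.
AV_KEYWORDS = ("antivirus", "anti-virus", "endpoint protection",
               "security agent", "trend micro")

# Assumption: where a legitimately installed AV binary is expected to live.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample events (not real telemetry), flattened to one line each.
SAMPLE_EVENTS = [
    'EventID=7045 ServiceName=Contoso Antivirus Agent ImagePath="C:\\Program Files\\Contoso AV\\agent.exe" StartType=auto',
    'EventID=7045 ServiceName=Contoso Antivirus Agent ImagePath=C:\\Windows\\Temp\\svcmon.exe /start StartType=auto',
    'EventID=7045 ServiceName=Print Spooler ImagePath=C:\\Windows\\System32\\spoolsv.exe StartType=auto',
    'EventID=7036 ServiceName=Contoso Endpoint Protection ImagePath=C:\\Users\\Public\\ep.exe StartType=auto',
    'EventID=7045 ServiceName=Contoso Endpoint Protection ImagePath=C:\\Users\\Public\\ep.exe StartType=auto',
]

EVENT_RE = re.compile(r"EventID=(?P<id>\d+)\s+ServiceName=(?P<name>.+?)\s+"
                      r"ImagePath=(?P<path>.+?)\s+StartType=(?P<start>\w+)$")

class ServiceInstall(NamedTuple):
    name: str
    image_path: str
    start_type: str

def parse_7045(line: str) -> Optional[ServiceInstall]:
    """Return a ServiceInstall for a 7045 event line, None for anything else."""
    m = EVENT_RE.search(line)
    if not m or m.group("id") != "7045":
        return None
    return ServiceInstall(m.group("name"), m.group("path"), m.group("start"))

def executable_from_image_path(path: str) -> str:
    """Strip quotes and command-line arguments, keeping only the executable path."""
    path = path.strip()
    if path.startswith('"'):
        return path[1:path.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", path)
    return m.group(1) if m else path

def looks_like_av(name: str) -> bool:
    lowered = name.lower()
    return any(k in lowered for k in AV_KEYWORDS)

def flag_masquerading_services(lines) -> List[str]:
    """Names of AV-looking services whose binary is outside the trusted directories."""
    flagged = []
    for line in lines:
        svc = parse_7045(line)
        if svc is None or not looks_like_av(svc.name):
            continue
        exe = executable_from_image_path(svc.image_path).lower()
        if not exe.startswith(TRUSTED_DIRS):
            flagged.append(svc.name)
    return flagged

if __name__ == "__main__":
    print(flag_masquerading_services(SAMPLE_EVENTS))
```

The path check is only a first-pass heuristic; in production, pair it with an Authenticode signature check on the image and a known-good inventory of the AV services you actually deploy.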

Memlog has some additional changes:
  • A different routine for listing and iterating running processes (CreateToolhelp32Snapshot API call instead of EnumProcesses API call),
  • A new custom search routine to check the RAM for card track data, which is instructed to ignore certain processes where track data usually can't be found.
The credit card track data grabbed from memory is saved into a .dll file and sent to a shared location on the same network.

Attackers can deliver PoS malware to target networks by infecting machines before they are deployed, by compromising network communications, or by targeting specific servers as a point of entry and then moving laterally, Trend Micro researchers shared.

They advise enterprises and large organizations to implement a multi-layered security solution, and to occasionally check whether and when a system component has been modified, as such a change could point to a potential compromise.