Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cybercriminals Testing New PoS Malware ‘Poslogr’

Researchers at Trend Micro have come across a sample of a new point-of-sale (PoS) malware that appears to be under development.

Researchers at Trend Micro have come across a sample of a new point-of-sale (PoS) malware that appears to be under development.

Detected by the security firm as TSPY_POSLOGR.K, the threat relies on multiple components to carry out its mission, which makes it similar to a recently discovered variant of the notorious BlackPoS malware (TSPY_MEMLOG.A).

Poslogr is designed to read the memory associated with specific processes in an effort to obtain payment card information. The data is then saved to files named “rep.bin” and “rep.tmp.”

The list of targeted processes is specified in a .INI file that acts as a configuration file. However, researchers haven’t found the configuration file on the infected system so it’s uncertain which processes are scanned by the malware. The same configuration file also includes a variable that specifies the time interval for re-scanning the processes.

There are several other clues that have led experts to believe that Poslogr is either under development or still in the beta testing phase. For example, the malware’s code contains debugging information, it doesn’t connect to any command and control (C&C) server, and it doesn’t upload the harvested data.

Since Poslogr appears to be a multicomponent malware, researchers assume that the component responsible for transferring the dumped data is deployed as a package.

According to Trend Micro, the threat is distributed via drive-by downloads and with the aid of other malware.

Last week, researchers at threat intelligence company IntelCrawler reported uncovering a new PoS malware targeting electronic kiosks. Dubbed “d4re|dev1|,” the malware has been spotted on close to 80 machines in the European Union, the United States and Australia.

It’s not surprising that the number of threats designed to target PoS systems is increasing, considering that this type of malware has been successfully used in a large number of operations. In the attack against the U.S. retailer Target, cybercriminals managed to steal more than 40 million credit and debit card records with the aid of the BlackPOS malware.

The Backoff RAM scrapper has also been used in numerous attacks. In August, the U.S. Secret Service estimated that over 1,000 businesses had been hit.

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack