Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

IntelCrawler Names Second Target POS Malware Suspect

Researchers at intelligence firm IntelCrawler have named a second person who they believe is tied to the malware used in the attacks against Target.

Researchers at intelligence firm IntelCrawler have named a second person who they believe is tied to the malware used in the attacks against Target.

Last week, IntelCrawler identified a 17-year-old Russian who also goes by the hacker handle “ree4” as the creator of malware known as Kaptoxa or BlackPOS. The malware was used to steal payment card information from point-of-sale (POS) terminals. After naming the 17-year-old, the security firm’s findings were challenged by security blogger Brian Krebs, who accused the firm of identifying the wrong person.

Point of Sale Malware Used Against Target, Installed on Registers

On Monday, Intelcrawler updated their research with the name of a second individual they say is the real author of the malware and who also used the nickname ree4 in postings in the cyber-underground. According to the company, both suspects worked closely with each other, with one serving as technical support alongside other individuals.

“[The creator] is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” Dan Clements, president at IntelCrawler, said in a statement on the blog.

Neither is being named by SecurityWeek because they do not appear to have been charged with a crime as of yet. However, Russian news source reported that one of the individuals identified by IntelCrawler said BlackPOS said that while he understood the program could be used illegally, his intent was only his interest was only in writing and selling it, and that it could be used to test security.

Meanwhile, the other individual named by IntelCrawler denied any connection to the attack in a separate interview.  

According to IntelCrawler, the first infected POS systems targeted by the malware were in Canada, Australia and the United States. Ree4 has sold more than 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries. As payment for the malware, customers could pay either $2,000 or 50 percent of what they make from the sale of stolen credit cards.

The attack on Target netted payment card and personal information of tens of millions of customers. The malware is also believed to have been used in the recent attack on Neiman Marcus.

“Most of the victims are department stores,” Andrew Komarov, IntelCrawler CEO, said in the company’s post. “More BlackPOS infections, as well as new breaches can appear very soon, retailers and security community should be prepared for them.”

Related: How Cybercriminals Attacked Target – Analysis

RelatedExperts Debate How Hackers Stole 40 Million Card Numbers from Target

RelatedExclusive: New Malware Targeting POS Systems, ATMs Hits Major US Banks

RelatedBoston Liquor Store Hit With Point-of-Sale Malware

RelatedvSkimmer Botnet Targeting Payment Card Terminals Connected to Windows

RelatedPoint-of-Sale Hacker Gets Seven Years In Prison

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...