SecurityWeek

Malware & Threats

IntelCrawler Names Second Target POS Malware Suspect

Researchers at intelligence firm IntelCrawler have named a second person who they believe is tied to the malware used in the attacks against Target.

Last week, IntelCrawler identified a 17-year-old Russian who also goes by the hacker handle “ree4” as the creator of malware known as Kaptoxa or BlackPOS. The malware was used to steal payment card information from point-of-sale (POS) terminals. After naming the 17-year-old, the security firm’s findings were challenged by security blogger Brian Krebs, who accused the firm of identifying the wrong person.

On Monday, IntelCrawler updated its research with the name of a second individual it says is the real author of the malware and who also used the nickname ree4 in postings in the cyber-underground. According to the company, both suspects worked closely with each other, with one serving as technical support alongside other individuals.

“[The creator] is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” Dan Clements, president at IntelCrawler, said in a statement on the blog.

Neither is being named by SecurityWeek because they do not appear to have been charged with a crime as of yet. However, Russian news source Lifenews.ru reported that one of the individuals identified by IntelCrawler said that while he understood BlackPOS could be used illegally, his interest was only in writing and selling it, and that it could be used to test security.

Meanwhile, the other individual named by IntelCrawler denied any connection to the attack in a separate interview.

According to IntelCrawler, the first infected POS systems targeted by the malware were in Canada, Australia and the United States. Ree4 has sold more than 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries. As payment for the malware, customers could pay either $2,000 or 50 percent of what they make from the sale of stolen credit cards.

The attack on Target netted payment card and personal information of tens of millions of customers. The malware is also believed to have been used in the recent attack on Neiman Marcus.

“Most of the victims are department stores,” Andrew Komarov, IntelCrawler CEO, said in the company’s post. “More BlackPOS infections, as well as new breaches, can appear very soon; retailers and the security community should be prepared for them.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
