
IntelCrawler Names Second Target POS Malware Suspect

Researchers at intelligence firm IntelCrawler have named a second person who they believe is tied to the malware used in the attacks against Target.


Last week, IntelCrawler identified a 17-year-old Russian who also goes by the hacker handle “ree4” as the creator of malware known as Kaptoxa or BlackPOS. The malware was used to steal payment card information from point-of-sale (POS) terminals. After the firm named the 17-year-old, its findings were challenged by security blogger Brian Krebs, who accused the firm of identifying the wrong person.

On Monday, IntelCrawler updated its research with the name of a second individual who it says is the real author of the malware and who also used the nickname ree4 in postings in the cyber-underground. According to the company, both suspects worked closely with each other, with one serving as technical support alongside other individuals.

“[The creator] is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” Dan Clements, president at IntelCrawler, said in a statement on the blog.


Neither is being named by SecurityWeek because they do not appear to have been charged with a crime as of yet. However, Russian news source Lifenews.ru reported that one of the individuals identified by IntelCrawler said that while he understood BlackPOS could be used illegally, his interest was only in writing and selling it, and that it could be used to test security.

Meanwhile, the other individual named by IntelCrawler denied any connection to the attack in a separate interview.  

According to IntelCrawler, the first infected POS systems targeted by the malware were in Canada, Australia and the United States. Ree4 has sold more than 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries. As payment for the malware, customers could pay either $2,000 or 50 percent of what they make from the sale of stolen credit cards.

The attack on Target netted payment card and personal information of tens of millions of customers. The malware is also believed to have been used in the recent attack on Neiman Marcus.

“Most of the victims are department stores,” Andrew Komarov, IntelCrawler CEO, said in the company’s post. “More BlackPOS infections, as well as new breaches can appear very soon, retailers and security community should be prepared for them.”

