jm + point-of-sale   2

Full iSight report on the Kaptoxa attack on Target
'POS malware is becoming increasingly available to cyber criminals' ... 'there is growing demand for [this kind of malware]'. Watch your credit cards...
debit-cards  credit-cards  security  card-present  attacks  kaptoxa  ram-scrapers  trojans  point-of-sale  pos  malware  target 
january 2014 by jm
The Malware That Duped Target Has Been Found
a Windows 'RAM scraper' trojan known as Trojan.POSRAM, which was used to attack the Windows-based point-of-sales systems which the POS terminals are connected to. part of an operation called Kaptoxa. 'The code is based on a previous malicious tool known as BlackPOS that is believed to have been developed in 2013 in Russia, though the new variant was highly customized to prevent antivirus programs from detecting it' ... 'The tool monitors memory address spaces used by specific programs, such as payment application programs like pos.exe and PosW32.exe that process the data embossed in the magnetic strip of credit and debit cards data. The tool grabs the data from memory.' ... 'The siphoned data is stored on the system, and then every seven hours the malware checks the local time on the compromised system to see if it’s between the hours of 10 a.m. and 5 p.m. If so, it attempts to send the data over a temporary NetBIOS share to an internal host inside the compromised network so the attackers can then extract the data over an FTP ... connection.'

http://www.pcworld.com/article/2088920/target-credit-card-data-was-sent-to-server-in-russia.html says the data was then transmitted to another US-based server, and from there relayed to Russia, and notes: 'At the time of its discovery, Trojan.POSRAM “had a zero percent antivirus detection rate, which means that fully updated antivirus engines on fully patched computers could not identify the software as malicious,” iSight said.'

Massive AV fail.
kaptoxa  trojans  ram-scrapers  trojan.posram  posram  point-of-sale  security  hacks  target  credit-cards  pin  ftp  netbios  smb 
january 2014 by jm

Copy this bookmark:



description:


tags: