Cisco uncovers new credit card-stealing malware


PCHF Bot
Jan 10, 2015

Cisco has discovered a new malware threat against Point-of-Sale (PoS) terminals that has the potential to pilfer credit card details. The threat appears to be a lot more damaging than the malware that infected Target.

The new malware family, which Cisco's Security Solutions team has nicknamed PoSeidon, scrapes the memory of PoS systems to try to grab credit card data, which it then sends to its servers (primarily using Russian .ru domains) before it is harvested and eventually sold on.

PoSeidon starts its work with a loader binary that, once executed, attempts to maintain persistence on the target machine so that it survives reboots. The loader then contacts a command and control server and retrieves a URL that contains another binary to be executed, called FindStr. This installs a keylogger, scans the memory of the PoS for number sequences that might be credit card numbers and sends them back to an exfiltration server.

Adhere to best practices


US retailer Target was subjected to a huge data breach in December 2013, resulting in approximately 40 million credit and debit card accounts compromised. Additionally, personal data such as names, addresses, and emails were stolen from a further 70 million.

That attack was also carried out using a malware program with origins in Russia, known as BlackPOS. In response to PoSeidon, Cisco is advising system administrators to adhere to industry best practices to defend against this new PoS malware.
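
The behaviour described above (card-number-like sequences leaving a PoS terminal for an external server, primarily on .ru domains) lends itself to an egress check. The following is an added example, not part of the original article or Cisco's tooling: it flags outbound records from PoS hosts to non-allowlisted domains and reports masked, Luhn-valid card numbers found in the body. The host names, domains, record format and function names are constructed assumptions.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Return masked (first 6 / last 4) Luhn-valid card-number candidates."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def triage(records, pos_hosts, allowed_domains):
    """Flag egress from PoS hosts to non-allowlisted domains; note PAN hits."""
    alerts = []
    for src, dest, body in records:
        if src not in pos_hosts or dest in allowed_domains:
            continue  # not a PoS terminal, or an expected payment endpoint
        alerts.append({"src": src, "dest": dest,
                       "ru_tld": dest.endswith(".ru"),
                       "pans": find_pans(body)})
    return alerts

# Constructed sample records: (source host, destination domain, request body).
# 4111111111111111 is a widely used test card number, not real card data.
SAMPLE = [
    ("pos-01", "payments.example.com", "txn=ok"),
    ("pos-02", "exfil-placeholder.ru", "d=4111 1111 1111 1111&k=abc"),
    ("pos-02", "cdn.example.net", "ref=1234567890123456"),
    ("desk-07", "news.example.org", "q=4111111111111111"),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE, {"pos-01", "pos-02"}, {"payments.example.com"}):
        print(alert)
```

Any connection from a PoS terminal to a destination outside the allowlist is reported even without a card-number hit, since the payload may be encoded; the Luhn match only raises the priority.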
