Jump to content

Search the Community

Showing results for tags 'pwnpos'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. Point-of-sale (PoS) malware has become one of the chief weapons used by attackers to steal credit and debit card data, and now researchers at Trend Micro say they have found yet another threat to add to the list of tools in criminals' toolboxes. The malware is dubbed PwnPOS, and has managed to stay under the radar despite being active since at least 2013. According to Trend Micro, it has been spotted targeting small-to-midsized businesses (SMBs) in Japan, Australia, India, Canada, Germany, Romania and the United States. Trend Micro Threat Analyst Jay Yaneza called PwnPOS an example of malware that's been "able to fly under the radar all these years due to its simple but thoughtful construction." "Technically, there are two components of PwnPOS: 1) the RAM scraper binary, and 2) the binary responsible for data exfiltration," he explained in a blog post. "While the RAM scraper component remains constant, the data exfiltration component has seen several changes – implying that there are two, and possibly distinct, authors. The RAM scraper goes through a process’ memory and dumps the data to the file and the binary uses SMTP for data exfiltration." The malware targets devices running 32-bit versions of Windows XP and Windows 7. One of the keys to the malware's stealth appears to be its ability to remove and add itself from a list of services on the PoS device. "Most incident response and malware-related tools attempt to enumerate auto-run, auto-start or items that have an entry within the services applet in attempt to detect malicious files," Yaneza blogged. "Thus, having parameters that add and remove itself from the list of services allows the attacker to “remain persistent” on the target POS machine when needed, while allowing the malicious file to appear benign as it waits within the %SYSTEM$ directory for the next time it is invoked." PwnPOS enumerates all running processes and searches for card information. Afterward, the stolen data is dumped into a file and ultimately emailed to "a pre-defined mail account via SMTP with SSL and authentication," the researcher blogged. Cybercriminals have increasingly been turning to ready-to-use point-of-sale malware kits. According to security firm Crowdstrike, such kits can cost from as little as tens of dollars to thousands depending upon their complexity. Sursa: securityweek.com
×
×
  • Create New...