New POS Malware Uses Mailslots
Security researchers at Morphick, a security company based in Cincinnati, recently found a new point-of-sale (POS) malware program known as LogPOS. LogPOS uses Microsoft Windows mailslots in sending stolen credit card data to the attackers' command-and-control (C&C) servers, scmagazine.com reported on March 9, 2015.
According to Morphick security investigator Nick Hoffman, malware that uses mailslots is not unheard of, since earlier APT attacks are known to have exploited the mechanism; a POS malware program using it, however, is a first, scmagazine.com reported.
Microsoft describes a mailslot as a mechanism for one-way inter-process communication (IPC) in which applications store messages that the owner of the mailslot can retrieve. In this case, the LogPOS authors have used the mechanism to store, and then collect, credit card information, Hoffman explains.
He adds that because LogPOS injects code into different processes and has each process search its own memory, the malware cannot use a log file: the processes cannot all open the same file with write access at the same time. LogPOS therefore uses mailslots instead.
Provided LogPOS is able to create a mailslot, it checks processes against a whitelist, injects code into the processes, scans for credit card data, validates that data, and sends it to the mailslot and also to a remote website.
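An added example, not from Morphick or the original report: a defender-side check over a handle inventory that flags any mailslot opened by several unrelated processes, the fan-in pattern described above. The `pid,image,path` export format, the sample rows, the slot names and the threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Win32 forms: \\.\mailslot\name, \\HOST\mailslot\name, \\*\mailslot\name
_WIN32 = re.compile(r'^\\\\([^\\]+)\\mailslot\\(.+)$', re.IGNORECASE)
# NT object-manager form: \Device\Mailslot\name
_NT = re.compile(r'^\\Device\\Mailslot\\(.+)$', re.IGNORECASE)

def mailslot_name(path):
    """Return the lower-cased mailslot name in a handle path, else None."""
    path = path.strip()
    m = _WIN32.match(path)
    if m:
        return m.group(2).lower()
    m = _NT.match(path)
    return m.group(1).lower() if m else None

def fan_in(rows, threshold=3):
    """Map mailslot name -> sorted process images for every mailslot
    that at least `threshold` distinct images hold a handle to."""
    users = defaultdict(set)
    for line in rows:
        if not line.strip() or line.startswith('#'):
            continue
        _pid, image, path = line.split(',', 2)
        name = mailslot_name(path)
        if name is not None:
            users[name].add(image.strip().lower())
    return {n: sorted(p) for n, p in users.items() if len(p) >= threshold}

# Constructed sample in a hypothetical "pid,image,handle path" export format.
SAMPLE = r"""
# pid,image,path
700,collector.exe,\\.\mailslot\example_slot
1204,notepad.exe,\Device\Mailslot\Example_Slot
1310,calc.exe,\Device\Mailslot\example_slot
1422,explorer.exe,\Device\Mailslot\EXAMPLE_SLOT
980,svchost.exe,\Device\Mailslot\other_slot
980,svchost.exe,\Device\NamedPipe\something
2001,backup.exe,C:\logs\mailslot\notes.txt
"""

if __name__ == '__main__':
    for slot, images in fan_in(SAMPLE.splitlines()).items():
        print(f'review mailslot {slot!r}: opened by {", ".join(images)}')
```

Mailslot names are compared case-insensitively, so the Win32 and NT spellings of one slot collapse into a single entry before the distinct process images are counted.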
Hoffman and colleague Jeremy Humble noted that the destination to which the malware sends stolen data is not even password protected, which suggests the malware author is probably still testing the code, threatpost.com reported on March 3, 2015.
At the same time in 2014, web users were in the midst of massive data breaches: they were still feeling the impact of the huge Target breach of 2013 when newer hacks of the Neiman Marcus and Michaels stores hit the news.
Since then, well-known malware such as Backoff, with extensive exfiltration and data-stealing capabilities, has become attackers' favorite tool when targeting point-of-sale devices. Against this backdrop, retail breach disclosures in 2015 have been comparatively quiet, although POS malware developers have not stopped quietly fine-tuning their wares.