Number: IRCNE2015112690
Date: 2015/11/18
According to “tripwire”, security researchers have spotted two new malware strains, AbaddonPOS and Cherry Picker, that are targeting point-of-sale (PoS) terminals.
The firm goes on to explain that the Angler Exploit Kit or an infected Microsoft Office document can deliver the malware, which uses evasive techniques, including the use of a CALL function to push a function parameter instead of a PUSH function, in order to avoid detection.
The malware ultimately reads the memory of all processes except itself for credit card data. As SCMagazine explains in an article, once the data is found, AbaddonPOS sends this information back to a command and control (C&C) server using a custom binary protocol.
Meanwhile, researchers with Trustwave have identified Cherry Picker, a configurable PoS malware that also uses a variety of techniques to fool analysis solutions. These include encryption, configuration files, command line arguments, obfuscation, and a special “cleaner” file that contains a “custom shredder function” that removes malware and exfiltration file locations before shredding any trace of the executable itself.
PoS malware has been prevalent in the United States in recent years. However, as pointed out by The Register, the introduction of EMV technology on credit cards could ultimately work against AbaddonPOS, Cherry Picker, and others.
- 9