AbaddonPOS: A new point of sale threat linked to Vawtrak
(Publication) Google search: [1]
| AbaddonPOS: A new point of sale threat linked to Vawtrak | |
|---|---|
| Botnet | AbaddonPOS, Vawtrak |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2015 / 2015-11-24 |
| Editor/Conference | Proofpoint |
| Link | https://www.proofpoint.com/us/threat-insight/post/AbaddonPOS-A-New-Point-Of-Sale-Threat-Linked-To-Vawtrak (Archive copy) |
| Author | Darien Huss |
| Type | Blogpost |
Abstract
“ Proofpoint threat researchers recently detected a new addition to PoS malware landscape. Named AbaddonPOS by Proofpoint researchers, this sample was initially discovered as it was being downloaded in the process of a Vawtrak infection. This use of additional payloads to enhance attack capabilities offers another example of efforts by threat actors to expand their target surfaces through the delivery of multiple payloads in a single campaign, in this case by including potential PoS terminals. This post will analyze AbaddonPOS; discuss the observed infection vectors; and expose, details on the downloader used to retrieve this new PoS malware. We will also provide evidence to demonstrate that the downloader malware and PoS malware are closely related, perhaps even written by the same actor or actors.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2015BFR4939,
editor = {Proofpoint},
author = {Darien Huss},
title = {AbaddonPOS: A new point of sale threat linked to Vawtrak},
date = {24},
month = Nov,
year = {2015},
howpublished = {\url{https://www.proofpoint.com/us/threat-insight/post/AbaddonPOS-A-New-Point-Of-Sale-Threat-Linked-To-Vawtrak}},
}