Alina: casting a shadow on POS
(Publication) Google search: [1]
Alina: casting a shadow on POS | |
---|---|
Botnet | Alina, VSkimmer, BlackPOS |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-05-08 |
Editor/Conference | Trustwave |
Link | https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Casting-a-Shadow-on-POS/ (Archive copy) |
Author | Josh Grunzweig |
Type | Blogpost |
Abstract
“ Over the pastfew months, a number of malware families targeting Point of Sale (POS) systems have been discussed. First there was Dexter (Seculert / SpiderLabs), then there was its big brother vSkimmer, and more recently there was Dump Memory Grabber / BlackPOS. One of the most interesting threads of commonality between these samples is the command and control (C&C) structure used between them. Utilizing a C&C communication channel for data exfiltration, while previously rare, has become more and more common in POS malware. I'd like to use this blog post to discuss another similar sample that I recently got the chance to look at, named Alina. We've seen Alina on a number of active forensic cases in the past few months, which is how I was originally made aware of this malware family.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1607, editor = {Trustwave}, author = {Josh Grunzweig}, title = {Alina: casting a shadow on POS}, date = {08}, month = May, year = {2013}, howpublished = {\url{https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Casting-a-Shadow-on-POS/}}, }