Combatting point-of-sale malware


Title: Combatting point-of-sale malware
Botnet/malware group: Point-of-sale
Exploit kits:
Feature: Keylogger, Memory scraping, Network sniffing
Distribution vector:
Target: Aloha, Radiant, Oracle MICROS, PosiTouch, Xpient, Digital Dining, Grandbury, Firefly
Operation/Working group:
Date: 2014
Editor/Conference: Trustwave
Link: Report Combatting Point of Sale Malware.pdf (Archive copy)
Type: White paper


Cybercriminals continue to maintain their lead in the malware race. As security technology advances in an effort to detect or protect against malware, so too does the malware itself. Attackers are dedicated, persistent and clever. Criminals follow their own software development lifecycle (SDLC) and test and retest their malware against anti-virus solutions to ensure it evades detection. They incorporate usernames, passwords and network addresses for their specific targets into their code. And as long as money can be made from the spoils of their conquests, they won’t let up.

One especially lucrative target for attackers is retail point-of-sale (POS) systems. If report after report of breached retailer after breached retailer hasn’t already provoked concern, it’s time for businesses to get informed about POS malware and develop a strategy to address it. Traditional security controls are not enough. Not only is a defense-in-depth strategy imperative, but businesses also need to prepare to detect and respond to a breach of their systems.

In this document, we describe the POS malware we’ve encountered in our forensics investigations and security research, explain how it’s installed on POS systems, discuss why anti-virus (AV) solutions are not enough to detect such malware and provide recommendations to address the problem. However, this paper won’t provide all of the answers. Operating under the assumption that you will be compromised is one of the better ways to increase the chances that you detect a breach when it occurs and respond appropriately to contain and mitigate it.

What is Point-Of-Sale (POS) Malware?

Point-of-sale (POS) malware is highly customized malicious software written to identify, aggregate and exfiltrate cardholder data (CHD). According to estimates, cybercrime and data breaches involving POS malware have driven organized crime profits into the billions of dollars.


 @misc{2014BFR1618,
   editor = {Trustwave},
   author = {},
   title = {Combatting point-of-sale malware},
   date = {15},
   month = Jun,
   year = {2014},
   howpublished = {\url{}},
 }