NewPosThings has new PoS things
Jump to navigation
Jump to search
(Publication) Google search: [1]
NewPosThings has new PoS things | |
---|---|
Botnet | NewPOSThings |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / 2015-04-01 |
Editor/Conference | TrendLabs Security Intelligence Blog |
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/ (Archive copy) |
Author | Jay Yaneza |
Type | Blogpost |
Abstract
“ Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area—namely, versions for 64-bit and higher.
The 64-bit version is out
Similar to the previous 32-bit version reported last year, the 64-bit sample is a multifunction Trojan that includes added functionalities and routines. These include RAM scraper capabilities, keylogging routines, dumping virtual network computing (VNC) passwords, and information gathering.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2015BFR1583, editor = {TrendLabs Security Intelligence Blog}, author = {Jay Yaneza}, title = {NewPosThings has new PoS things}, date = {01}, month = Apr, year = {2015}, howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/}}, }