NewPosThings has new PoS things

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

NewPosThings has new PoS things
Botnet NewPOSThings
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2015 / 2015-04-01
Editor/Conference TrendLabs Security Intelligence Blog
Link http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/ (Archive copy)
Author Jay Yaneza
Type Blogpost

Abstract

Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area—namely, versions for 64-bit and higher.

The 64-bit version is out

Similar to the previous 32-bit version reported last year, the 64-bit sample is a multifunction Trojan that includes added functionalities and routines. These include RAM scraper capabilities, keylogging routines, dumping virtual network computing (VNC) passwords, and information gathering.

Bibtex

 @misc{Yaneza2015BFR1583,
   editor = {TrendLabs Security Intelligence Blog},
   author = {Jay Yaneza},
   title = {NewPosThings has new PoS things},
   date = {01},
   month = Apr,
   year = {2015},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/}},
 }