New GamaPoS malware piggybacks on Andromeda botnet; spreads in 13 US states
New GamaPoS malware piggybacks on Andromeda botnet; spreads in 13 US states | |
---|---|
Botnet | GamaPoS |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | Andromeda |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / |
Editor/Conference | Trend Micro |
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/new-gamapos-threat-spreads-in-the-us-via-andromeda-botnet/ (Archive copy) |
Author | Jay Yaneza |
Type | Blogpost |
Abstract
“We discovered GamaPoS, a new breed of point-of-sale (PoS) threat currently spreading across the United States and Canada through the Andromeda botnet. GamaPoS is the latest in a long list of threats that scrape off credit card data from PoS systems. Compared to its predecessors, GamaPoS uses malware coded using the .NET framework—a first in PoS threats.
The GamaPoS threat uses a “shotgun” or “dynamite fishing” approach to get to targets, even unintended ones. This means that it launches a spam campaign to distribute Andromeda backdoors, infects systems with PoS malware, and hopes to catch target PoS systems out of sheer volume. Rough estimates show us that GamaPoS may have only hit 3.8% of those affected by Andromeda.”
Bibtex
@misc{2015BFR1592, editor = {Trend Micro}, author = {Jay Yaneza}, title = {New GamaPoS malware piggybacks on Andromeda botnet; spreads in 13 US states}, date = {14}, month = Jan, year = {2015}, howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-gamapos-threat-spreads-in-the-us-via-andromeda-botnet/}}, }