New GamaPoS malware piggybacks on Andromeda botnet; spreads in 13 US states

From Botnets.fr

Botnet: GamaPoS
Distribution vector: Andromeda
Date: 2015
Editor/Conference: Trend Micro
Link: http://blog.trendmicro.com/trendlabs-security-intelligence/new-gamapos-threat-spreads-in-the-us-via-andromeda-botnet/ (Archive copy)
Author: Jay Yaneza
Type: Blogpost

Abstract

We discovered GamaPoS, a new breed of point-of-sale (PoS) threat currently spreading across the United States and Canada through the Andromeda botnet. GamaPoS is the latest in a long list of threats that scrape off credit card data from PoS systems. Compared to its predecessors, GamaPoS uses malware coded using the .NET framework—a first in PoS threats.

The GamaPoS threat uses a “shotgun” or “dynamite fishing” approach to get to targets, even unintended ones. This means that it launches a spam campaign to distribute Andromeda backdoors, infects systems with PoS malware, and hopes to catch target PoS systems out of sheer volume. Rough estimates show us that GamaPoS may have only hit 3.8% of those affected by Andromeda.

Bibtex

 @misc{2015BFR1592,
   editor = {Trend Micro},
   author = {Jay Yaneza},
   title = {New GamaPoS malware piggybacks on Andromeda botnet; spreads in 13 US states},
   date = {25},
   month = Apr,
   year = {2015},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-gamapos-threat-spreads-in-the-us-via-andromeda-botnet/}},
 }