Three month FrameworkPOS malware campaign nabs ~43,000 credit cards from point of sale systems

From Botnets.fr

Botnet: FrameworkPOS
Feature: Memory scraping
Date: 2016 / 2016-02-18
Editor/Conference: Anomali
Link: https://blog.anomali.com/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi
Author: Luis Mendieta
Type: Blogpost

Abstract

Threatstream Labs came across an interesting FrameworkPOS sample that, given it is two months old, is digitally signed and its certificate hasn't been revoked. FrameworkPOS is a malware family that targets POS (Point of Sale) terminals, and its main objective is to steal credit card data from them in order to be sold on the black market. This blogpost is divided into two sections. The first section aims to analyze the malware's capabilities, e.g. C2 connectivity, encoding mechanisms and overall system activity. The second section will provide an analysis of campaign information that was gathered throughout the research.

Bibtex

 @misc{2016BFR4920,
   editor = {Anomali},
   author = {Luis Mendieta},
   title = {Three month FrameworkPOS malware campaign nabs ~43,000 credit cards from point of sale systems},
   date = {18},
   month = Feb,
   year = {2016},
   howpublished = {\url{https://blog.anomali.com/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi}},
 }