Point-of-Sale malwares / RAM scrapers

Forum for analysis and discussion about malware.
N3mes1s
Posts: 42
Joined: Wed Mar 09, 2011 5:17 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by N3mes1s » Sat Jan 18, 2014 7:46 am


rkhunter
Posts: 1156
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Point-of-Sale malwares / RAM scrapers

Post by rkhunter » Sat Jan 18, 2014 10:39 am

OK, it's all about KAPTOXA POS malware

KAPTOXA POS Report – Released Jan. 16, 2014
https://www.isightpartners.com/2014/01/ ... eport-faq/

Could a Novell vulnerability be behind the Target breach?
http://www.webroot.com/blog/2014/01/17/ ... et-breach/

A Closer Look at the Target Malware
http://krebsonsecurity.com/2014/01/a-fi ... n-malware/
http://krebsonsecurity.com/2014/01/a-cl ... e-part-ii/

http://artemonsecurity.com/20140116_POS ... alysis.pdf

rkhunter
Posts: 1156
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Point-of-Sale malwares / RAM scrapers

Post by rkhunter » Wed Jan 22, 2014 7:59 am

KAPTOXA samples

ESET: Win32/Spy.POSCardStealer.R, Win32/Spy.POSCardStealer.S, Win32/Spy.POSCardStealer.T
MS: Trojan:Win32/Ploscato.A, Trojan:Win32/Ploscato.B
Symantec: Infostealer.Reedum.B
iSight: Trojan.POSRAM
or just another modification of BlackPOS

Xylitol
Global Moderator
Posts: 1680
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Wed Jan 22, 2014 6:24 pm


hx1997
Posts: 101
Joined: Sat Apr 07, 2012 12:16 am

Re: Point-of-Sale malwares / RAM scrapers

Post by hx1997 » Fri Jan 24, 2014 12:51 am

VBS/Spy.POSCardStealer.A and Win32/Spy.POSCardStealer.U

bsteo
Posts: 84
Joined: Fri Nov 16, 2012 5:50 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by bsteo » Fri Jan 24, 2014 1:10 pm

Look mom, I'm famous, lol :)

Code:

sListaNeagra(26) = "4744870016311111" 'exitthematrix pos trigger
Inside Decebal src posted above.

Xylitol
Global Moderator
Posts: 1680
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Fri Jan 24, 2014 5:44 pm

Decebal coder is retarded.
4744870016311111 is invalid Luhn, and the procedure behind checks if the number is Luhn valid, so he doesn't even need to put this one on the 'blacklist' in theory.

bsteo
Posts: 84
Joined: Fri Nov 16, 2012 5:50 pm

Re: Point-of-Sale malwares / RAM scrapers

Post by bsteo » Sat Jan 25, 2014 4:47 pm

Xylitol wrote: Decebal coder is retarded.
4744870016311111 is invalid Luhn, and the procedure behind checks if the number is Luhn valid, so he doesn't even need to put this one on the 'blacklist' in theory.
Agree, he doesn't even have a real LUHN procedure to check, only the name.
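
The Luhn claim discussed in the posts above can be checked directly. The following Python is an added example, not code from this thread or from the Decebal source; the function names are chosen here, and 4111111111111111 is a widely published Luhn-valid test number used as a constructed comparison value.

```python
def luhn_checksum(number: str) -> int:
    """Return the Luhn sum modulo 10; 0 means the number passes."""
    total = 0
    # Walk from the rightmost digit and double every second digit.
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return total % 10


def luhn_valid(number: str) -> bool:
    """True for an ASCII digit string of card-number length that passes Luhn."""
    if not (number.isascii() and number.isdigit()):
        return False
    if not 13 <= len(number) <= 19:
        return False
    return luhn_checksum(number) == 0


def redundant_blacklist_entries(blacklist):
    """Blacklist entries that a preceding Luhn check would already reject."""
    return [n for n in blacklist if not luhn_valid(n)]


# Constructed sample: the trigger value quoted in the thread plus a
# well-known Luhn-valid test number for contrast.
SAMPLE_BLACKLIST = ["4744870016311111", "4111111111111111"]

if __name__ == "__main__":
    for n in SAMPLE_BLACKLIST:
        print(n, "checksum mod 10 =", luhn_checksum(n), "valid =", luhn_valid(n))
    print("redundant:", redundant_blacklist_entries(SAMPLE_BLACKLIST))
```

For analysts triaging strings pulled from a sample, the same check separates plausible card numbers from hard-coded markers like this one.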

Xylitol
Global Moderator
Posts: 1680
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Point-of-Sale malwares / RAM scrapers

Post by Xylitol » Wed Jan 29, 2014 4:16 pm


