New Point-of-Sale Malware Steals Credit Card Data via DNS Queries . - Technopweb


Much About Technology And A Bit About Everything

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries .

Share This
Cyber Security, Computer Security, Internet Security
Cyber ​​criminals are becoming more efficient, innovative and stealthy with every accomplished day. They are now going to adopt more secretive techniques that come with infinite attack vectors and are hard to detect.
A new tension of malware has now been discovered, which relies on a unique technique to steal payment card information from point-of-sale (POS) systems.
Since the new POS malware User Datagram Protocol (UDP) information on credit card on DNS traffic, security researchers at Forcepoint Labs, who have exposed malware, have termed it as UDPO.
Yes, UDPO uses Domain Name System (DNS) queries to filter stolen data instead of STP, which is used by previous POS malware. This malware is also considered to be the first of its kind.
In addition to using 'unusual' DNS requests to filter data, UDPOS malware confuses itself as an update to logme - a valid remote desktop control service that is used to manage computers and other systems Goes-Paid Stolen Card Data Attempts to Avoid Detection While Passing Pass Firewall and Other Security Controls

"We have recently come to a sample which is apparently disguised as a LogMeIn service pack that generates significant amounts of 'unusual' DNS requests," ForcePoint researchers said in a blog post published on Thursday.

"In-depth investigation revealed a defective gem which was ultimately designed to steal magnetic stripe payment card data: Identification of POS malware."
Malware samples analyzed by researchers associated with a Command and Control (C & C) server held in Switzerland, rather than the usual suspects of the United States, China, Korea, Turkey, or Russia. The server hosts a dropper file, which is a self-extractor collection with real malware.
It should be noted that UDPOS malware can only target old POS systems which use logmine.
Like most malware, UDPOS also actively searches for antivirus software and virtual machines and can disable it if anyone finds it. Researchers say that at the moment it is unclear whether it is still a reflection of the malware that occurs in the initial phase of development / testing.
Although there is currently no evidence of UDPOS malware to steal credit or debit card data, Forcepoint tests have shown that malware is actually capable of doing so successfully
In addition, one of the C & C servers, with which the UDPOS malware sample was transmitted, was active and responsible during the investigation of the danger, suggesting that the author was least prepared for deploying this malware. Were.
It should be noted that the attackers behind the malware have not compromised in the LogMine service-it's just cloned. Logman himself published a blog post this week, in which the customers were not warned of falling for the scam.
According to the Forcepoint researchers, protection against this kind of threat can be a difficult proposition, because "almost all companies have firewalls and other security which monitor and filter TCP and UDP-based communications" but the DNS still Opportunities for hackers to data leaks are treated differently.
Last year, we came to a remote access trojan (RAT), which is a dubbed DNSMessenger, which uses DNS queries to command malicious PowerShell on malicious computers, making it difficult to find malware difficult on target system.

Search This Blog

Post Bottom Ad