Loading...

New PoS malware attack stores as 2018 begin

New PoS malware attack stores as 2018 begin

Learn how to take care of your shop and your valuable customers!
As the New Year starts, new threats already appear. As always our cybersecurity team is prepared for everything new and challenging to stay up to date and improve our cybersecurity techniques and products.

Today we look into new PoS malware attacks, the infamous star for today is LockPoS PoS malware.
So what is so unique at this PoS malware that required our attention you may ask? Of course in the end after a successful attack its purpose is the same as other PoS malware: to steal all credit cared credentials. The difference about this one is that it is designed to read the memory of the computer attached to the PoS silently and undetected then upload sensitive data to its C&C server.

Our skilled technicians discovered that this malware is an improved version of Flokibot PoS malware, both sharing considerable similarities in the way they operate.
To cover its tracks the malware first uploads the original copy of ntdll.dll to its C&C server for later use, then using those three processes NtCreateSection, NtCreateThreadEx, and NtMapViewOfSection running directly into explorer.exe it delivers the final payload in the ntdll.dll which lead to full credit card credentials steal.
By doing this way, it avoids most of the traditional detection services making it hard to detect once the attack it's successful.

To protect your store and your customers too, our cybersecurity analyst strongly recommends that a presence of an active firewall and a top antivirus is a must in every device connected to the internet, backed up by frequent security audits done by skilled cybersecurity technicians because threats evolve along with time as other apps and OSs do.
Our CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

About CyberByte About CyberByte