LockPoS Takes a Page from Flokibot to Achieve Stealth

Discussion in '0-day Release' started by silversurfer, Jan 4, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    LockPoS, a point-of-sale (PoS) malware that steals credit card data, has a new trick for stealthy malware injection that appears to be a variant of that used by Flokibot.

    According to Cyberbit, LockPoS reads the memory of currently running processes on computer systems attached to PoS terminals, searching for data that looks like credit-card information. When it finds it, it sends it on to command and control (C&C). The malware is distributed from the same botnet used to distribute the Flokibot PoS, and now seems to have picked up additional characteristics from its sister code. To wit: A malware injection technique that is silent and avoids antivirus hooks.

    “This new malware injection technique suggests a new trend could be developing [consisting of] using old sequences in a new way that makes detection difficult,” explained Hod Gavriel, malware analyst at Cyberbit, in a technical analysis. “For now, the best detection approach is to focus on improving memory analysis, which can be tricky, but these are the best traces currently accessible to security solutions.”

    Source: https://www.infosecurity-magazine.com/news/lockpos-takes-a-page-from-flokibot/
     