LockPos, the New Point-of-sale Malware to Affect Retail Businesses
POS Software
20-07-2017 00:00:00
LockPos, the New Point-of-sale Malware to Affect Retail Businesses

A once-dormant command-and-control server for Flokibot has woken up and begun to distribute a new point-of-sale (PoS) malware family.


The new threat, which researchers at Arbor Networks call "LockPoS," uses run keys in the Windows Registry to achieve persistence before communicating with its command-and-control server over HTTP.


POST data exchanged with that server consists of "data chunks" pertaining to the infected machine. The malware can then use return data sent over in a C2 response to update its configuration or inject an executable file into explorer.exe, among other functions.


As for its ability to steal credit card information, LockPoS isn't exactly ground-breaking. Dennis Schwarz of Arbor Networks explains: "The malware's PoS credit card stealing functionality works similarly to other PoS malware: it scans the memory of other running programs looking for data that matches what credit card track data looks like."


But what is unusual is that LockPoS shares command-and-control infrastructure with Flokibot.


Perhaps the criminals responsible for Flokibot created LockPoS in an attempt to diversify their portfolio of threats. And if that association weren't enough, Flokibot and LockPoS's shared command-and-control server (treasurehunter[dot]at) bears the same name as TREASUREHUNT, a separate PoS malware family seemingly designed for a specific "dump shop" of credit card information.


PoS malware gangs are always developing new strains to target businesses' point-of-sale terminals. To counter this persistent threat, companies need to regularly patch their electronic tills and monitor their systems for anomalous activity.

-K Ramanathan ram@justransact.com

No Comments Yet

Subscribe to comments feed

Leave a Reply

Your email address will not be published. Required fields are marked *

Let's Be Friends
Fb general logo Twitter icon Google Plus icon Youtube icon Pinterest Linkedin
Need help? Contact Us
cs@justransact.com (or) Call us: 1800 123 3010

©2013 - 2019 : View site: Desktop 22 years domain experience