New POS malware appears to be in beta testing phase

Trend Micro has identified a new point-of-sale (POS) threat detected as TSPY_POSLOGR.K.

The presence of debug information in the malware, as well as the lack of any identifiable command-and-control capabilities, has led researchers to believe that TSPY_POSLOGR.K is in a beta testing phase, Christopher Budd, global threat communications manager with Trend Micro, said in a Monday email correspondence.

“As with all software it’s hard to say when a ‘beta’ is finished and ready for ‘production,’” Budd said. “In this case, at least, having the missing command-and-control components are key to it being a piece of production malware.”

Because it seems to be in a beta testing phase, researchers have not seen TSPY_POSLOGR.K being widely used, Budd said.

“[From] what we have seen [it] reads data from processes specified in the initialization file,” Budd said. “In this case it’s credit card [and] point-of-sale information. But the component flexibility means it could easily be repurposed for additional data on the infected system.”

Budd referred to the malware sample as a modular and functional component that only takes a single action out of the several involved in a POS breach. He said that other components are needed to take other actions – such as retrieving data dumps – and explained that a complete attack is likely carried out by deploying those other components as part of a package.

The analyzed sample takes actions as commanded by the configuration file, which is not present in the system by default, most likely as an obfuscation step, Budd said, adding that this makes it harder to understand what actions the malware is taking on infected systems.


