PoSeidon: a new malware for PoS
Cisco has published the details of a new malware aimed at exfiltrating information from Points of Sale (PoS). Being based on the same techniques as Zeus, this new malware has been named PoSeidon.
PoSeidon includes a first component, the Loader, which ensures the malware's persistence and communicates with the C&C server, which tells PoSeidon how to obtain a second component, FindStr. In turn, FindStr acts as a keylogger and, when credit card numbers are identified, sends these numbers to an exfiltration server along with the recorded keystrokes.
References:
- 20/03/2015 blogs.cisco.com Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
- 23/03/2015 theregister.co.uk PoSeidon, brother of Zeus, forks up point of sale terminals
- 22/03/2015 securityaffairs.co PoSeidon the most sophisticated PoS malware until now