Results for memory parser

Threat Research

211G1 – An Update to Backoff’s ROM

On October 28, 2014, we encountered an even newer version of the Backoff point-of-sale (PoS) malware which we are detecting as W32/Backoff.C!tr.spy. This newest version, with version name 211G1, was compiled close to a month after its predecessor ROM. Functionality-wise, 211G1 is very similar to ROM. An in-depth description of ROM can be found in our previous post. In this blog post, we will describe the modifications made in the newest version of the Backoff PoS malware family. Installation: Firstly, 211G1 is now packed with a custom packer;...

By Hong Kei Chan, November 06, 2014

Threat Research

ROM – A New Version of the Backoff PoS Malware

A few months have passed since the release of the “Backoff” point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data breaches and the compromise of their customers’ financial information. We have recently encountered a new version of the Backoff malware family, which we are detecting as W32/Backoff.B!tr.spy. Unlike previous versions, this one no longer uses a version number in the malware body, but just uses the version name ROM. ROM performs very similarly...

By Hong Kei Chan, November 03, 2014

Threat Research

JackPOS - Another Credit Card Stealer

In a previous blog post on Dexter, we briefly mentioned a new strain of point-of-sale (PoS) malware that has compromised over 4,500 credit cards in the United States and Canada. This new strain of malware, dubbed JackPOS, was detected early this year and, between then and the time of writing, has had just one version, but with multiple variants. In this blog post, we look briefly at the unique attributes of JackPOS: its custom pattern matching and its command-and-control (C&C) communication. We will conclude with quick remarks on the newest...

By Hong Kei Chan, June 23, 2014

Threat Research

How Dexter Steals Credit Card Information

Hong Kei Chan, Junior AntiVirus Analyst. Special Technical Contribution by Liang Huang, Senior Antivirus Analyst.

Dexter, a custom point-of-sale (POS) malware, has the ability to search through the memory of POS systems for credit and debit card information. POS malware has been making headlines this year, from Target's data breach -- where it has been reported that approximately 40 million credit and debit card accounts had been compromised (Source) -- to more recently, a new strain of POS malware compromising over 4,500 credit cards in the United...

By Hong Kei Chan, March 09, 2014