Researchers from Proofpoint are announcing their discovery of Abaddon, a new Point of Sale malware which is being downloaded in the process of a Vawtrak infection. This use of additional payloads to enhance attack capabilities offers another example of efforts by threat actors to expand their target surfaces through the delivery of multiple payloads in a single campaign, in this case by including potential PoS terminals.
Key findings are listed below :
- Spreading with the known banking Trojan Vawtrak, this new malware spreads by both email and web infections. It includes features designed to resist analysis and encode stolen credit card data. Proofpoint has seen it broadly targeting organizations worldwide and not focus solely on the retail sector.
- The practice by threat actors to increase their target surfaces by leveraging a single campaign to deliver multiple payloads is by now a well-established practice. While using this technique to deliver point of sale malware is less common, the approach of the holiday shopping season gives cybercriminals ample reason to maximize the return on their campaigns by distributing a new, powerful PoS malware that can capture the credit and debit card transactions of holiday shoppers.
- Organizations with PoS terminals that are also used by employees as regular computers are especially vulnerable. Proofpoint encourages organizations to follow the best practice of separating PoS terminals and end-user networks that carry employee Internet, email and other traffic.
Patrick Wheeler, Director of Threat Intelligence for Proofpoint, said :
“The appearance of new PoS malware on the eve of the holiday shopping season highlights that despite the adoption of EMV cards, credit card swipes remain a valuable target for cybercriminals. AbaddonPOS takes advantage of organizations that use the same computer to process PoS transactions and check emails. It resists analysis and encodes stolen credit card data for easy transfer. Organizations need to silo their PoS terminals and use advanced cybersecurity technology that stops the latest malware from getting in—and prevents sensitive credit card data from unauthorized removal.”
[su_box title=”About Proofpoint” style=”noise” box_color=”#336588″]
Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.