430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A variant of the Angler Exploit Kit used to infect PoS Systems

Experts at Trend Micro discovered that cyber criminals are exploiting the popular Angler Exploit kit to find and infect PoS systems. The popular Angler Exploit kit is used by criminal crews to find and infect PoS systems, this is the last disconcerting discovery made by the experts at Trend Micro. The security researcher Anthony Joe […]

Landry’s card breach

Experts at Trend Micro discovered that cyber criminals are exploiting the popular Angler Exploit kit to find and infect PoS systems.

The popular Angler Exploit kit is used by criminal crews to find and infect PoS systems, this is the last disconcerting discovery made by the experts at Trend Micro.

The security researcher Anthony Joe Melgarejo explained that the sophisticated Angler exploit kit is used to target in sophisticated attacks the point-of-sale (PoS) systems, the specific use represents a novelty in the cyber criminal ecosystem. It is the first time that investigators discover a variant of the popular Angler Exploit kit specifically crafted to compromise also PoS platforms.

“An attack aiming to infect PoS systems was found using the Angler Exploit Kit to push a PoS reconnaissance Trojan,This Trojan, detected as TROJ_RECOLOAD.A, checks for multiple conditions in the infected system like if it is a PoS machine or part of a PoS network. It then proceeds to download specific malware depending on the conditions met. We’ve also found that this utilizes the fileless installation capability of the Angler Exploit Kit to avoid detection.” Melgarejo says.

Melgarejo explained that the Angler Exploit Kit often uses malvertising campaign and compromised websites as the starting point for infection.

angler exploit kit pos

For the specific attacks against PoS systems, experts at Trend Micro found that the infection chain exploited two Adobe Flash vulnerabilities (CVE-2015-0336 and CVE-2015-3104). Once triggered the flaws the TROJ_RECOLOAD.A malware compromise the target.

“[The] PoS reconnaissance trojan (Troj_Recoload.a) checks for multiple conditions in the infected system such as if it is a PoS machine or part of a PoS network,” added Melgarejo in the blog post. “It then proceeds to download specific malware depending on the conditions met.” “This utilises the fileless installation capability of the Angler Exploit Kit to avoid detection.”

The efficiency of this variant of the popular Angler Exploit kit is improved by the implementation of several anti-analysis tricks, including the shut down in the presence Wireshark network analyzer, virtualizated environments, sandboxing, and known malware probe tool usernames.

Pierluigi Paganini

(Security Affairs – Angler Exploit Kit,  PoS systems)