Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MalumPoS PoS malware used against Hotels and other Industries

Malware researchers at Trend Micro have discovered a news strain of the malumPoS used to target hospitality, food and beverage, and retail industries. Security experts at Trend Micro have discovered a new strain of the MalumPoS malware that was reconfigured to compromise PoS systems based on the Oracle® MICROS® platform. Trend Micro was the first […]

MalumPoS PoS malware used against Hotels and other Industries

Malware researchers at Trend Micro have discovered a news strain of the malumPoS used to target hospitality, food and beverage, and retail industries.

Security experts at Trend Micro have discovered a new strain of the MalumPoS malware that was reconfigured to compromise PoS systems based on the Oracle® MICROS® platform.

Trend Micro was the first to detect MalumPoS in the wild, the new variant was configured to hit this Oracle platform that is widely (330,000 customer installations worldwide) used in the hospitality, food and beverage, and retail industries.

MalumPoS pos malware

Oracle claims that MICROS is used in 330,000 customer sites worldwide. A bulk of the companies using this platform is mostly concentrated in the United States. If successfully deployed by a threat actor, this PoS RAM scraper could put several high-profile US-based companies and their customers at risk.

MalumPoS belong to the family of PoS RAM scrapers, this means that the malicious agent is able to steal customer credit card data directly from the RAM memory of the infected systems.

The researchers al Trend Micro explained that the MalumPoS was designed to be configurable, its abilities could be easily expanded in the future. The threat actors can change or add other processes or configure new targets.

“He can, for example, configure MalumPoS to include Radiant or NCR Counterpoint PoS systems to its target list.” states the post.

The researchers highlighted the following characteristics of the MalumPoS malware:

  • NVIDIA disguise: Once installed in a system, MalumPoS disguises itself as “the “NVIDIA Display Driver” or, as seen below, stylized to be displayed as “NVIDIA Display Driv3r”. Although typical NVIDIA components play no important parts in PoS systems, their familiarity to regular users may make the malware seem harmless.
  • Targeted systems: Aside from Oracle MICROS, MalumPoS also targets Oracle Forms, Shift4 systems, and those accessed via Internet Explorer. Looking at the user base of these listed platforms, we can see that a major chunk is from the US.
  • Selective credit card scraping:MalumPoS uses regular expressions to sift through PoS data and locate pertinent credit card information. We have seen an older PoS threat called Rdasrv demonstrate the same behavior. In the case of MalumPoS, it selectively looks for any data on the following cards: Visa, MasterCard, American Express, Discover, and Diner’s Club.

Trend Micro have published a detailed analysis of MalumPoS malware that include IoC indicators and YARA rules that could be used to detect the presence of the malware.

Pierluigi Paganini

(Security Affairs – MalumPoS , PoS malware)