Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files

The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware — AlinaPOS and JackPOS.

Researchers discovered these exposed ElasticSearch servers last week during routine scans. Intrigued by their initial discovery, the Kromtech team used Shodan to identify more than 15,000 ElasticSearch instances that were left exposed online without any form of authentification.

Of these 15,000 servers, Kromtech says that over 4,000 are hosting files specific to the command and control (C&C) infrastructure of AlinaPOS and JackPOS.