pos malware Blog Terms - Attivo Networks

pos malware

Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files

The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware — AlinaPOS and JackPOS.

Researchers discovered these exposed ElasticSearch servers last week during routine scans. Intrigued by their initial discovery, the Kromtech team used Shodan to identify more than 15,000 ElasticSearch instances that were left exposed online without any form of authentication.

Of these 15,000 servers, Kromtech says that over 4,000 are hosting files specific to the command and control (C&C) infrastructure of AlinaPOS and JackPOS.

New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot

Botnets distributing FlokiBot point-of-sale malware have awoken from months of slumber and are back in business spewing a new malware dubbed LockPoS. Researchers say the malware is still flying under the radar of many antivirus and intrusion detection systems because it’s so new.

Currently, LockPoS is believed to be targeting Brazil-based companies, according to Arbor Networks, a division of NetScout. Researchers there said they noticed the PoS malware after observing that dormant command-and-control servers used by FlokiBot had come back online.

Tech Company Sets Traps For Cyber Attackers Of Point Of Sale Systems

Undetected Vulnerabilities Lie in Wait and Could Lead to Large Holiday Breaches, According to Research Report. Attivo issued a report today detailing severe vulnerabilities in the nation’s POS systems that could lead to large breaches during the holiday shopping period and on into next year. The report, based on primary research, shows how attackers move laterally through networks undetected, compromise asset management servers, and then use those servers to plant malware on POS terminals for either timed or remote activation, creating the foundation for wide-scale credit card information theft. According to the report, traditional security devices have proven ineffective at detecting an attacker’s lateral movement, at providing visibility into malware activation between asset servers and POS terminals, and at accurately correlating attack forensic data.
