The new malware program has been dubbed PoSeidon by researchers from Cisco’s Security Solutions (CSS) team and, like most point-of-sale Trojans, it scans the RAM of infected terminals for unencrypted strings that match credit card information, a technique known as memory scraping.
The CSS researchers have identified three malware components that are likely associated with PoSeidon: a keylogger, a loader and a memory scraper that also has keylogging functionality.
Unlike other PoS memory scrapers that store captured payment card data locally until attackers log in to download it, PoSeidon communicates directly with external servers and can update itself automatically. It also has defenses against reverse engineering.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now