The NewPoSThings malware appeared many years ago, and for a long time, it did not stand out from the crowd of other PoS malware families.
To avoid detection, the most recent version of NewPoSThings has migrated to exfiltrating data through DNS requests, which antivirus solutions don't watch and webmasters can't turn off, since they're needed to resolve domains and hostnames. Other PoS malware strains such as BernhardPOS and FrameworkPOS have also used this very same trick.
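As an added example (not from the original article or from FireEye's research), the following Python heuristic flags the traffic shape described above from a defender's side: one client repeatedly sending long, high-entropy subdomain labels to a single parent domain. The log format, thresholds and domain names are assumptions, and the sample log is constructed.

```python
import math
from collections import defaultdict

# Constructed DNS query log (client IP, queried name). Made-up placeholder names,
# not real MULTIGRAIN indicators; the long hex labels stand in for encoded data.
SAMPLE_DNS_LOG = """\
10.0.0.12 www.example.com
10.0.0.12 a7f3c19e0b8d24653e9b0a6d2f7c1854c04d8e1a5b29f763.log.example.org
10.0.0.12 mail.example.com
10.0.0.12 3e9b0a6d2f7c1854c04d8e1a5b29f763a7f3c19e0b8d2465.log.example.org
10.0.0.13 cdn.example.net
10.0.0.12 c04d8e1a5b29f763a7f3c19e0b8d24653e9b0a6d2f7c1854.log.example.org
"""

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(name):
    """Crude parent-domain extraction (last two labels); use the public suffix list in production."""
    return ".".join(name.rstrip(".").split(".")[-2:])

def is_suspicious_label(label, min_len=30, min_entropy=3.0):
    """Long and high-entropy labels are the usual shape of encoded data."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_exfil_candidates(log_text, min_queries=3):
    """Return {(client, parent_domain): [queried names]} for every client
    that sent at least min_queries suspicious-looking subdomains to one
    parent domain, i.e. the repeated encoded-query pattern of DNS exfiltration."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        client, qname = parts
        labels = qname.rstrip(".").split(".")
        if any(is_suspicious_label(lab) for lab in labels[:-2]):
            hits[(client, registered_domain(qname))].append(qname)
    return {key: names for key, names in hits.items() if len(names) >= min_queries}

if __name__ == "__main__":
    for (client, domain), names in find_exfil_candidates(SAMPLE_DNS_LOG).items():
        print(f"{client} -> {domain}: {len(names)} suspicious queries")
```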
Besides DNS-based exfiltration, the new version of NewPoSThings, called MULTIGRAIN, also comes with another peculiarity. It appears that its operators have decided to target only one specific type of PoS platform.
FireEye researchers said that although MULTIGRAIN does not bring any new capabilities to the PoS malware table, it does show that capable attackers can customize malware on-the-fly to target a specific environment.