FireEye reports POS malware targeting US-based banks and retailers

The malware is called Treasurehunt and was developed by a group of hackers that goes by the name Bears. The experts say Treasurehunt is hard to detect and that it finds its way onto POS terminals through stolen credentials or brute-force password attacks.

According to Nart Villeneuve, principal threat intelligence analyst at FireEye, the Bears group is very active in selling stolen credit card data and is the only group using the Treasurehunt malware, making it hard for security professionals to identify.

FireEye reports that the POS malware is custom-built and that, once a system has been compromised, Treasurehunt can extract payment card information from the POS computer system's memory and transmit the data to a command and control server operated by Bears.

While some cybercriminals are seeking to develop ways to exploit chip and PIN, others are looking to take advantage of memory-scraping POS malware while it still works, added Villeneuve.


The Paypers is the Netherlands-based leading independent source of news and intelligence for professionals in the global payment community.

 
