GlitchPOS, the malware that steals credit card numbers at points of sale

Cybersecurity experts, in association with an ethical hacker from the International Institute of Cyber Security (IICS), have reported the emergence of a new malware variant designed to intercept payment card numbers; the malware has been circulating through some malicious hacker forums.

This malware, known as GlitchPOS, is available for purchase on some hacking forums hosted on the dark web, the ethical hacker from the IICS mentioned. This malicious software was first detected in February, and the number of hackers who have bought or used it is still unknown.

“We recently discovered a new malware variant against points of sale available in criminal forums”, the research experts mentioned. “Also, we found the payloads associated with the malware, its infrastructure and its control panel”.

According to researchers, this malware has a functional design and is very easy to use. “No advanced hacking skills are required to run GlitchPOS,” added the ethical hacker. The attackers have been deploying the malware through a malicious email, disguising it as a very simple video game.

The malware is protected by a packer developed in VisualBasic, which decrypts a library (the malware's payload) encrypted with the UPX packer. “When the payload is decrypted, GlitchPOS is executed, which captures the point of sale system memory”.
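For triage of a payload that has already been extracted from the outer VisualBasic layer (for example from a sandbox or memory dump), the sketch below checks PE section headers for traits typical of UPX packing. It is an added example, not code from the researchers or from the malware; the function names and the header-only sample images are constructed for illustration.

```python
import struct

UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # default section names UPX writes

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, flags
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size
    if table + 40 * nsec > len(data):
        raise ValueError("truncated section table")
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, rsize))
    return sections

def upx_indicators(data):
    """List header traits typical of a UPX-packed image (heuristic only)."""
    secs = pe_sections(data)
    found = []
    hits = sorted(n.decode() for n, _, _ in secs if n in UPX_NAMES)
    if hits:
        found.append("UPX section names: " + ", ".join(hits))
    # UPX0 occupies no bytes on disk; the stub unpacks the program into it.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        found.append("first section is empty on disk but mapped in memory")
    return found

def build_sample(sections, opt_size=0xE0):
    """Constructed, header-only PE image for this demo (not a real sample)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    table = b"".join(
        struct.pack("<8sIII", name, vsize, 0x1000 * (i + 1), rsize) + b"\0" * 20
        for i, (name, vsize, rsize) in enumerate(sections))
    return dos + coff + b"\0" * opt_size + table

PACKED = build_sample([(b"UPX0", 0x8000, 0), (b"UPX1", 0x4000, 0x3A00), (b".rsrc", 0x1000, 0x600)])
PLAIN = build_sample([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(image) or "no UPX indicators")
```

Section names can be renamed after packing, so an empty result does not clear a file; treat a hit as a reason to unpack and inspect, not as a verdict.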

As for the payload, it is very small and has few functions, such as registering infected systems, receiving tasks from the C2, and extracting the payment card data.

The experts believe that the developers had already written other malicious code before GlitchPOS: they consider that Edbitss, the author of the malware, had already participated in the development of the DiamondFox L!NK botnet, which gives criminals the resources they need to carry out a wide variety of attacks, such as DDoS attacks or credential theft. The researchers found several similarities between this botnet and GlitchPOS, so they believe that both were developed by the same hacker.

Attacks with GlitchPOS have become very popular over the past month. Companies like Forever 21 have revealed that they have been victims of this malware, which would have compromised customers from multiple retail stores.

A point-of-sale solutions developer announced that GlitchPOS has compromised these systems mainly at restaurants and clothing stores.
