    Purported Stealthy POS Malware Threatens Retailers, Stirs Controversy

    By Robert Lemos, November 25, 2015
      Attackers have targeted retailers with a sophisticated malware framework that infects point-of-sale systems and relies on heavy encryption to hide its functionality and make analysis difficult, security consultancy iSIGHT Partners said on Nov. 24.

      The malware framework, dubbed ModPOS, is very hard to detect and has likely infected multiple retailers, iSIGHT said. Judging by its large code base and sophisticated techniques, the group behind ModPOS has a great deal of technical skill, Maria Noboa, lead technical analyst for cyber-crime with iSIGHT Partners, told eWEEK.

      “We have professional-level coding, (and) a really heavy emphasis on obfuscation,” she said. “When you think of all these things that it is doing, it is overkill, almost.”

      iSIGHT’s announcement, however, riled others in the security community. Most significantly, Verizon’s Cyber Intelligence Center (VCIC) called the report “hyperbole.”

      “The VCIC has not collected any reports of this malware in the wild,” the company stated in a blog post. “Our initial assessment of the iSight report does not support observations such as, ‘Most complex ever,’ or ‘silent assassin.’ These characterizations of ModPOS are hyperbole.”

      Both Verizon and iSIGHT acknowledge that the malware had previously been detected by Symantec as Straxbot in December 2014. Yet iSIGHT claimed that components of the malware had been detected as far back as 2012, and that last year its researchers confirmed the software had targeted U.S. retailers.

      iSIGHT decided to issue its public analysis so that retailers can look for the attack on their point-of-sale systems, Noboa said. The company’s researchers have reverse-engineered three plugins used by the framework: one that profiles the infected system, another that gathers information on the local network and a third that scrapes user names and easy-to-decrypt passwords.

      The company called the malware the “most sophisticated point-of-sale malware we have seen to date.” The framework consists of a variety of different modules, each one acting like its own rootkit, hiding on a computer system and persisting even after a reboot. ModPOS uses a unique encryption key for each system that it infects, making it difficult to compare code from different systems, iSIGHT stated in its analysis.
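
      The per-system key is the detail that matters most for defenders: the same module, wrapped under a different key on every victim, produces on-disk artifacts that share no hash and no searchable string, so a signature lifted from one host's sample does not fire on the next. The following Python is an added illustration of that effect, not iSIGHT's analysis and not ModPOS code; the key derivation, the HMAC-based stream cipher, the plugin body and the host identifiers are all constructed assumptions. Two hosts receive the same plugin; comparing the encrypted samples fails, decrypting each with its own recovered key makes them line up again, and a key recovered on one host does not unlock the other's sample.

```python
import hashlib
import hmac

# Constructed stand-in for an encrypted plugin body. The same module is shipped
# to every victim; only the per-host key wrapping it changes.
PLUGIN_PAYLOAD = b"MODULE:profile_system\nCOLLECT:os,cpu,pos_process_list\n"

# A string an analyst might hunt for after seeing one decrypted sample.
SIGNATURE = b"MODULE:profile_system"


def derive_host_key(host_fingerprint: bytes) -> bytes:
    """Hypothetical per-host key: a hash of a host-specific identifier.
    iSIGHT says ModPOS uses a unique key per infected system but does not
    describe the derivation, so this is an assumption for illustration."""
    return hashlib.sha256(b"per-host-key|" + host_fingerprint).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stream cipher, not ModPOS's)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR against the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def stage_for_host(host_fingerprint: bytes) -> bytes:
    """What lands on disk on a given victim: the module under that host's key."""
    return xor_crypt(derive_host_key(host_fingerprint), PLUGIN_PAYLOAD)


def signature_hits(blob: bytes) -> bool:
    """Plain substring match, the kind of static check a scanner or YARA rule does."""
    return SIGNATURE in blob


def compare_samples(host_a: bytes, host_b: bytes) -> dict:
    """What an analyst holding samples from two infected hosts observes."""
    blob_a = stage_for_host(host_a)
    blob_b = stage_for_host(host_b)
    key_a = derive_host_key(host_a)
    key_b = derive_host_key(host_b)
    plain_a = xor_crypt(key_a, blob_a)
    plain_b = xor_crypt(key_b, blob_b)
    wrong_key = xor_crypt(key_b, blob_a)  # key recovered on host B applied to host A's sample
    return {
        # Static comparison of the on-disk artifacts fails: different hashes, no signature.
        "encrypted_hashes_match": hashlib.sha256(blob_a).digest() == hashlib.sha256(blob_b).digest(),
        "signature_on_encrypted": signature_hits(blob_a) or signature_hits(blob_b),
        # Only after recovering each host's own key do the samples line up.
        "decrypted_hashes_match": hashlib.sha256(plain_a).digest() == hashlib.sha256(plain_b).digest(),
        "signature_on_decrypted": signature_hits(plain_a) and signature_hits(plain_b),
        # A key from one host does not unlock another host's sample.
        "cross_key_decrypt_ok": wrong_key == PLUGIN_PAYLOAD,
    }


if __name__ == "__main__":
    # Constructed host identifiers (hostname plus MAC), not data from any real incident.
    result = compare_samples(b"POS-REG-07|00:11:22:33:44:55", b"POS-REG-12|66:77:88:99:aa:bb")
    for name, value in result.items():
        print(f"{name}: {value}")
```

      The practical consequence is the one iSIGHT draws: hashes and byte signatures of the encrypted modules are nearly useless across victims, so detection has to come from the decrypted module in memory, from the behaviour of the loader that holds the key, or from the network traffic the plugins generate.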

      Two of the company’s researchers needed three weeks just to crack the encryption protecting a single component of the malware framework, Noboa said.

      “We only had a limited insight into the framework last year and we did not understand how sophisticated this was and what they were capable of doing,” she said, “until one of our reverse engineers was finally able to break one of the keys of encrypted data and analyze a plugin to realize that the encrypted network traffic had additional binaries.”

      The operation has almost entirely evaded antivirus software. Only one of the 52 antivirus engines on VirusTotal, apparently Symantec’s, detected a component of the threat, and it assigned the detection a severity rating of low, according to iSIGHT.

      The malware likely enters companies through targeted spear-phishing campaigns that convince unwary employees to run untrusted programs.

      Verizon decided not to warn clients about the potential threat because no antivirus firm had issued an alert.

      “The absence of an alarm from Symantec or any other anti-malware defender for a Trojan that has been in existence for about a year and perhaps two years indicates ModPOS is not a significant or growing threat at this time,” Verizon’s intelligence group stated.

      “The VCIC will continue to include this threat in our intelligence collection activities and advise Verizon Enterprise clients of significant changes in the risk environment.”

      The VCIC has changed its estimate of a threat in the past. In March 2014, when security firm AlienVault warned of BrutPOS, the group initially did not issue an alert, but did four months later, when the malware became more prolific.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.