Categories: Cyber Crime, Malware

The author of BlackPOS malware professes his innocence and good faith

Thanks to an efficient investigation conducted by private firms like IntelCrawler, the BlackPOS author was identified; he professes his innocence and good faith.

I was within the official source to spot the 23-year-old teenager who developed the BlackPOS malware thanks to the revelations made by Cyber Intelligence firm IntelCrawler.

The author of BlackPOS was known as “ree[4]” in the underground market. Researchers at IntelCrawler identified Sergey Taraspov in a first analysis, but after further investigation they found the right person, a 23-year-old young hacker named Rinat Shabayev, who has probably collaborated with Sergey Taraspov, who provided him technical support for the design of the malicious code.

In its previous reports, Cyber Intelligence firm ‘IntelCrawler’ named Sergey Taraspov, a 17-year-old teenager behind the nickname “ree[4]”, as the developer of the BlackPOS malware. According to the investigation, the malicious code was used to infect systems at Target and probably also at Neiman Marcus, two of the biggest US retailers.

The figures related to the Target data breach are disturbing: credit and debit cards and personal information belonging to nearly 110 million consumers are at risk.

It seems that Rinat Shabayev, aka ree[4], and the teen, Sergey Taraspov, collaborated to design the BlackPOS malware, but they aren’t responsible for the data theft at the Target retailer. According to the investigation, they developed the malicious agent to sell it to other criminal gangs based in Eastern Europe.

Rinat Shabayev admitted that he had developed the BlackPOS malware. In the interview he gave to the Russian news agency ‘LifeNews’ he defended his position, maintaining that the malicious code was developed for security testing and not to steal data. He confirmed that he had received support from another anonymous coder, whom he had met online and who may have added more features to it.
His intention was to sell the exploit, and he also remarked that he was aware that the malware can be used for malicious purposes too, but he never thought of conducting any illegal activity such as data theft.

“There is a ready program, I took and wrote to her addition to the data saved in the file and the server failed. It was originally planned to sell the program, most do not use it. And the idea was shared with another person. The program is designed for grabbing data. That is, rather, to copy the credit card data – told Shabayev. – I do not know why this name – “kartohu.” We took this program “kartohu” and finish the addition to it. Online cooperation offered by this program, but I did not want to cooperate, just gave the program and all. If you use this software with malicious intent, you can earn good, but it is illegal. So I do not want to do it, just wrote for sale, not to use it yourself, and let people enjoy it, and they will all conscience.” is the translation from the Russian channel.
Now IT security has a further problem to resolve: BlackPOS is in the wrong hands and millions of people are suffering credit card theft. On the other side, law enforcement will have to judge a young man who professes his innocence and good faith.
Frankly, I believe that the boy is terrified; both parties, law enforcement and the criminal organizations who acquired BlackPOS, will pay much attention to the confessions of the youngster.
Scary stuff!

Pierluigi Paganini

(Security Affairs –  BlackPOS, Rinat Shabayev)

