Security experts at Trend Micro have discovered a new strain of the MalumPoS malware that was reconfigured to compromise PoS systems based on the Oracle® MICROS® platform.
Trend Micro was the first to detect MalumPoS in the wild, the new variant was configured to hit this Oracle platform that is widely (330,000 customer installations worldwide) used in the hospitality, food and beverage, and retail industries.
Oracle claims that MICROS is used in 330,000 customer sites worldwide. A bulk of the companies using this platform is mostly concentrated in the United States. If successfully deployed by a threat actor, this PoS RAM scraper could put several high-profile US-based companies and their customers at risk.
MalumPoS belong to the family of PoS RAM scrapers, this means that the malicious agent is able to steal customer credit card data directly from the RAM memory of the infected systems.
The researchers al Trend Micro explained that the MalumPoS was designed to be configurable, its abilities could be easily expanded in the future. The threat actors can change or add other processes or configure new targets.
“He can, for example, configure MalumPoS to include Radiant or NCR Counterpoint PoS systems to its target list.” states the post.
The researchers highlighted the following characteristics of the MalumPoS malware:
Trend Micro have published a detailed analysis of MalumPoS malware that include IoC indicators and YARA rules that could be used to detect the presence of the malware.
(Security Affairs – MalumPoS , PoS malware)
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.