BlackPOS
Description
(Trend Micro) In 2012, the source code of BlackPOS was leaked, enabling other cybercriminals and attackers to enhance its code.
Even though BlackPOS ver2 has an entirely different code compared to the BlackPOS which compromised Target, it duplicates the data exfiltration technique used by the Target BlackPOS. It is an improved clone of the original, which is why we decided to call this BlackPOS ver2.
It is also being reported in the press that some security vendors called this malware as “FrameworkPOS.”
Names
| Name |
|---|
| BlackPOS |
| FrameworkPOS |
| Kaptoxa |
| POSWDS |
| Reedum |
| MMon |
Category
Malware
Type
- POS malware
- Credential stealer
Information
- https://blog.trendmicro.com/trendlabs-security-intelligence/new-blackpos-malware-emerges-in-the-wild-targets-retail-accounts/
- https://www.welivesecurity.com/2013/12/19/target-down-biggest-data-breach-ever-leaks-40-million-credit-and-debit-cards-from-retailer-at-height-of-shopping-season/
- https://blog.trendmicro.com/trendlabs-security-intelligence/home-depot-breach-linked-to-blackpos-malware/
- https://labs.sentinelone.com/fin6-frameworkpos-point-of-sale-malware-analysis-internals-2/
- https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf
- https://www.secureworks.com/research/point-of-sale-malware-threats
- https://threatpost.com/points-of-sale-poorly-secured-facing-sophisticated-attacks/106027/
Malpedia
Alienvault Otx
- https://otx.alienvault.com/browse/pulses?q=tag:blackpos
- https://otx.alienvault.com/browse/pulses?q=tag:FrameworkPOS
Other Information
Uuid
41ad02a6-84e7-4a4a-bc6f-ac6ac0d8219b
Last Card Change
2022-12-28