Cherry Picker

Description

(Trustwave) For the last five years Trustwave has been monitoring a threat across a number of forensic cases that we have dubbed ‘Cherry Picker’. This targeted Point of Sale (PoS) memory scraper has enjoyed a very low detection rate in the wild for quite some time. Cherry Picker uses a new memory scraping algorithm, a file infector for persistence, and cleaner malware that removes all traces of the infection from target systems. This sophisticated functionality and highly targeted victims have helped the malware remain under the radar of many AV and security companies. This post will expose the functionality of Cherry Picker and hopefully help organizations provide protection from this threat.

Names

Name
Cherry Picker
Cherry Picker POS
CherryPicker POS
cherrypickerpos
cherrypicker
cherry_picker

Category

Malware

Type

  • POS malware
  • Credential stealer

Information

MITRE ATT&CK

Malpedia

AlienVault OTX

Other Information

UUID

617bd0a3-821e-43b4-9619-a6fd084d1439

Last Card Change

2022-12-30