PwnPOS

Description

(Trend Micro) PwnPOS is one of those perfect examples of malware that's able to fly under the radar all these years due to its simple but thoughtful construction; albeit not being future proof. Technically, there are two components of PwnPOS: 1) the RAM scraper binary, and 2) the binary responsible for data exfiltration. While the RAM scraper component remains constant, the data exfiltration component has seen several changes, implying that there are two, and possibly distinct, authors. The RAM scraper goes through a process's memory and dumps the data to a file, and the binary uses SMTP for data exfiltration.

Names

Name
PwnPOS

Category

Malware

Type

  • POS malware
  • Credential stealer

Information

Malpedia

AlienVault OTX

Other Information

Uuid

2dae9d51-6708-44f3-9253-21bc4262d92f

Last Card Change

2020-05-24