RawPOS
Description
(Trend Micro) Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s tools for lateral movement, as well as RawPOS’ components, remain consistent, new behavior from the malware puts its victims at greater risk via potential identity theft. Specifically, this new behavior involves RawPOS stealing the driver’s license information from the user to aid in the threat group’s malicious activities.
Names
| Name |
|---|
| RawPOS |
| FIENDCRY |
| DUEBREW |
| DRIFTWOOD |
Category
Malware
Type
- POS malware
- Backdoor
- Info stealer
Information
- https://blog.trendmicro.com/trendlabs-security-intelligence/rawpos-new-behavior-risks-identity-theft/
- https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf
- https://threatvector.cylance.com/en_us/home/rawpos-malware.html
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
72670111-f95a-423c-a296-f424939cc08e
Last Card Change
2020-05-25