vSkimmer

Description

(XyliBox) Functions:

Track 2 grabber
HTTP Loader (Download & Execute)
Update bot itself

Working Modes:

Online: If internet is reachable it will try to bypass firewalls and communicate to a the control panel.
Offline: If internet is not reachable it wait for a specific pendrive/flashdrive plugged in and copy logs to it.

Server coded in PHP (can be modified on request to send logs to remote server, via smtp, etc.. ) Client coded in C++ no dependencies, 66kb, cryptable. (can be customized)

Names

Name
vSkimmer

Type

POS malware
Reconnaissance
Backdoor
Credential stealer
Botnet

Information

https://www.xylibox.com/2013/01/vskimmer.html
http://vkremez.weebly.com/cyber-security/-backdoor-win32hesetoxa-vskimmer-pos-malware-analysis
https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf
https://www.secureworks.com/research/point-of-sale-malware-threats

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.vskimmer

Other Information

Uuid

680688a9-239b-49e8-bc5a-37af1fd852c1

Last Card Change

2020-05-25

Threat Intelligence Garden

Explorer

vSkimmer

vSkimmer

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks