Kasidet POS RAM Scraper Malware
Kasidet POS Malware is a variant of Point of Sale (POS) Malware that performs DDoS attacks using Namecoin's Dot-Bit service to scrape payment card details.[1][2] It is also known as Trojan.MWZLesson or Neutrino and was found in September 2015 by cyber security experts.[3][4] It is a combination of BackDoor.Neutrino.50 and the POS malware.[5]
Operation
[edit | edit source]Kasidet POS Worm gets on a system along with the other malware or gets downloaded unknowingly when user visits malicious websites.[6][7] This malware is different from other POS malware and it scrapes data with advanced features.[8] First it scrapes the POS RAM and steals payment card details. Then the scraped information is sent to the cyber criminal with intercepted GET and POST requests from the browser.[9] It's very difficult to detect this bot by using security programs; sometimes it's detectable in email spam campaigns and exploit kits.[10] The scraping capability of Kasidet has now been enhanced by the cyber criminals and it now hides C&C server in the Namecoin DNS Service Dot-Bit.
Incidents
[edit | edit source]- The US Government blamed Russian hackers for malicious Kasidet POS malware found in Democratic National Committee computers and a Burlington Electric Company laptop.[11][12][13] In the former case, the software was allegedly used to interfere in the 2016 election.
- Zscaler has reported that MS Office documents distributed in phishing emails contain macros that install Kasidet POS malware into user machines.[7][14] The malware is believed to originate in Russia.[14]
See also
[edit | edit source]- Cyber electronic warfare
- Cyber security standards
- Cyber warfare
- List of cyber attack threat trends
- Proactive Cyber Defence
- Point-of-sale malware
- Point of sale
References
[edit | edit source]- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).[dead link]
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
 | This malware-related article is a stub. You can help Wikipedia by expanding it. |