Cisco Discovers “PoSeidon” POS Malware

by Neil Sardesai, March 26, 2015

Researchers at Cisco’s Talos Security Intelligence and Research Group have discovered a dangerous, new form of point-of-sale (POS) malware dubbed “PoSeidon”. The malware builds upon previous trojans like ZeuS and BlackPOS that affected retail stores like Target and Home Depot. Many credit card terminals run legacy versions of Windows, which leaves them vulnerable to all sorts of malware. And with new threats like PoSeidon, even newer terminals are at risk.

PoSeidon – A Nightmare for Both Customers and Merchants

PoSeidon is an alarmingly sophisticated piece of software that relies on outdated and insecure technologies like credit card magnetic stripes. Information stored on a magnetic stripe can easily be encoded onto a new magnetic stripe on a fake credit card. Underground stolen credit card markets thrive in the U.S. due to America’s reliance on magnetic stripe cards. Chip-based “EMV” cards are much harder to clone and are common in many countries outside North America.

The PoSeidon malware starts by injecting a “Loader” that maintains persistence on the POS terminal. This allows PoSeidon to stay on the system even if the terminal is rebooted. Next, the malware contacts an external server to download a keylogger called “FindStr”. FindStr scrapes the terminal’s memory for number sequences that could be credit card numbers. The software then uses the Luhn algorithm to check whether the numbers are, in fact, credit card data. Anything else is filtered out before the data is sent to external servers of Russian origin. From that point, stolen credit card data is likely sold in various black markets.

“PoSeidon is another in the growing number of Point-of-Sale malware targeting PoS systems that demonstrate the sophisticated techniques and approaches of malware authors,” says Cisco. The company encourages network administrators to consider best security practices to prevent large-scale infections due to malware like PoSeidon.

“As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families.”

Images from Shutterstock.

  • It is essential (and inevitable) that we rapidly move away from a “pull system” of transaction operation (credit/debit cards which need customers to reveal their security codes) and which have numerous hackable storage databases with various intermediaries to “verify” money transfer.

    The only medium/long-term solution for Banks/Merchants is to utilise a decentralised blockchain “push system” application for securing/processing payments, where no security codes are sent along with transfer data, but the transaction simply “pushes” the value required and doesn't allow any hacker the ability to pull money from any intercept of the data.

    This system already exists, and is being developed at a phenomenal rate. It's called bitcoin and runs on the decentralised blockchain protocol.

    If you are still not up to speed with where bitcoin is going (maybe still listening to the shills and misinformed media), you need to read up fast. Those looking ahead can clearly see that peer-to-peer “push” transaction technology is going to have a massive impact on the likes of MasterCard and Visa in the remaining years of this decade.

    It's going to be fun – trust the Rat!