Threat Actor: Unknown | Malware: ShadowPOS
Victim: Businesses with POS systems
Price: Pre-sale offer (exact price not disclosed)
Exfiltrated Data Type: Unencrypted credit card data
Key Points:
- ShadowPOS is a new POS malware introduced on a cybercrime forum.
- The malware is designed to infiltrate POS systems and steal unencrypted credit card data.
- It features advanced stealth and persistence capabilities, scanning memory regularly.
- Utilizes Google’s RE2 regular expressions engine for efficient memory scanning.
- A Command & Control panel is being developed for managing stolen card data.
- The seller promises exclusivity and customization for buyers of the malware.
- The post complies with forum rules, emphasizing it is not intended for ransomware attacks.
- Organizations are advised to strengthen security measures against such threats.
A threat actor recently introduced a new Point of Sale (POS) malware called “ShadowPOS” on a well-known cybercrime forum. Still under development, the malware is marketed as an advanced tool designed to infiltrate POS systems, steal unencrypted credit card data, and send it to a command and control (C2) server.
Stealth and Persistence Features
The creator of ShadowPOS describes it as both highly persistent and stealthy. It scans memory at regular intervals and uploads stolen data to its C2 server. By running as a single-threaded process, the malware minimizes system resource usage, making it harder to detect.
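The behaviour described above (memory scanned at regular intervals, results uploaded to a C2) leaves a fixed-cadence outbound pattern that is often easier to spot in egress logs than the process itself. The following added example, which is not part of the original post and not the malware's code, shows a simple beacon detector run over a constructed proxy log: connections from one host to one destination whose gaps are nearly constant are flagged. The log format, host names and addresses are assumptions made for the example.

```python
"""Flag fixed-interval outbound connections (beaconing) in a proxy log.

Added defender-side example; the log lines, host name and destination
addresses below are constructed for illustration (RFC 5737 test ranges).
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: timestamp, source host, destination, bytes sent.
# pos-term-07 talks to 203.0.113.10 every 300 s and to 198.51.100.20
# at irregular, user-driven times.
SAMPLE_LOG = """\
2024-05-01T10:00:00 pos-term-07 203.0.113.10:443 1840
2024-05-01T10:00:05 pos-term-07 198.51.100.20:443 512
2024-05-01T10:05:00 pos-term-07 203.0.113.10:443 1902
2024-05-01T10:07:13 pos-term-07 198.51.100.20:443 3071
2024-05-01T10:10:00 pos-term-07 203.0.113.10:443 1777
2024-05-01T10:15:00 pos-term-07 203.0.113.10:443 1855
2024-05-01T10:16:42 pos-term-07 198.51.100.20:443 240
2024-05-01T10:20:00 pos-term-07 203.0.113.10:443 1910
"""


def parse_log(text):
    """Group (timestamp, bytes_sent) events by (source host, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, sent = line.split()
        events[(host, dst)].append((datetime.fromisoformat(ts), int(sent)))
    return events


def find_beacons(text, min_events=4, max_jitter=0.1):
    """Return (host, destination, mean_interval_seconds, total_bytes) for
    pairs with at least min_events connections whose inter-connection gaps
    vary by no more than max_jitter (coefficient of variation)."""
    hits = []
    for (host, dst), evts in parse_log(text).items():
        if len(evts) < min_events:
            continue
        evts.sort()
        times = [t for t, _ in evts]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((host, dst, avg, sum(n for _, n in evts)))
    return hits


if __name__ == "__main__":
    for host, dst, interval, total in find_beacons(SAMPLE_LOG):
        print(f"{host} -> {dst}: every {interval:.0f}s, {total} bytes sent")
```

On the constructed log only the 300-second cadence to 203.0.113.10 is reported; the three user-driven connections fall below the event threshold and have uneven gaps. In practice the same logic is applied per day over real egress logs, with the jitter threshold tuned because some malware randomises its interval.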
Advanced Scanning Capabilities
ShadowPOS uses a complex algorithm that efficiently locates and verifies card data. It relies on Google’s RE2 regular expressions engine to perform high-speed memory scanning across all processes on targeted Windows-based POS systems. Unlike other POS malware, ShadowPOS scans all running processes on a terminal, significantly increasing its chances of success.
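The "locate and verify" step the seller describes is the same pattern-plus-checksum approach that defenders use to audit for cleartext card data, and it is also the check to run when confirming that the encryption recommended later in this post is actually in effect. The following added example, which is not the malware's code and not from the original post, scans a constructed memory-dump buffer for digit runs of PAN length and keeps only those that pass the Luhn check, reporting masked values. The buffer contents and the file-based usage are assumptions for illustration.

```python
"""Find cleartext card numbers (PANs) in a memory dump or file.

Added defender-side example for verifying that a POS process image or
file does not hold unencrypted PANs. The sample buffer is constructed
from public test card numbers, not data from the post.
"""
import re
import sys

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(buf: bytes):
    """Return (offset, digits) for every Luhn-valid PAN candidate in buf."""
    found = []
    for m in PAN_RE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            found.append((m.start(), digits))
    return found


def mask(pan: str) -> str:
    """Keep the first six and last four digits, as PCI DSS permits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed sample: two Luhn-valid public test numbers, one 16-digit
# serial that fails Luhn, and a short order id that is too short to match.
SAMPLE_DUMP = (
    b"\x00\x00order=1234567\x00"
    b"PAN=4111111111111111\x00"
    b"sn=1234567890123456\x00"
    b"ref=5555 5555 5555 4444\x00"
)


def scan_file(path: str):
    """Scan a dump file on disk (assumed usage); returns masked hits."""
    with open(path, "rb") as f:
        return [(off, mask(pan)) for off, pan in find_pans(f.read())]


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for off, pan in find_pans(data):
        print(f"offset {off:#x}: {mask(pan)}")
```

The Luhn filter is what keeps the serial number and other random digit runs out of the results; without it, any scan of a busy process produces mostly noise. A hit on a process that should only ever see encrypted or tokenised card data is the finding to act on.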
Command & Control Panel
The developer is also working on a Command & Control panel, which will allow users to manage and query stolen card data. This panel aims to streamline inventory management for those looking to sell or use the compromised information.
Exclusive Pre-Sale Offer
The threat actor is offering ShadowPOS for pre-sale with a promise of exclusivity. If purchased, the malware will not be sold as a service to others. The seller also offers to customize the malware according to the buyer’s needs.
Compliance with Forum Rules
The seller has pre-approved the post with the forum’s staff to ensure it complies with the site’s rules, which prohibit the sale of credit card information and ransomware-related tools. The seller emphasizes that the malware is not intended for ransomware attacks and does not come with any stolen card data.
The introduction of ShadowPOS highlights the ongoing evolution of cyber threats targeting businesses. Organizations must strengthen their security measures, including the encryption of card data and regular monitoring for unusual activity, to mitigate the risks posed by this and similar malware.
The post New POS Malware “ShadowPOS” Advertised in DarkWeb Forum appeared first on Daily Dark Web.