Along with the incoming winter holidays a new ‘present’ for cyber-criminals, called Pro PoS Solutions has been uploaded for sale in dark web forums. From its upload point forward PoS users are in for a special Christmas financial data stealing – a true gift from Mr. Blackhat Santa.
Christmas Malware is just around the corner. Learn how to protect your credit and banking information.
A company going by the name InfoArmor which may have reverse engineered it and performed other research of the Pro PoS malware claims that the questionable threat is available for sale in some underground websites of the dark web. Given that the sales page is reported to be written in Cyrillic, the threat is most likely created by someone in Eastern Europe.
Furthermore, the creators of this ‘Solution’ that may affect any PoS system in the world right now, have designed it to attack the OS used by retailer stores. We are talking about Windows operating systems ranging from Windows XP to modified and newer versions.
Also, info armor suggests that the malware is already being utilized to target such systems in several locations in North America.
Pro PoS Solutions In Detail
In order to remain hidden, Pro PoS uses rootkit technologies. What is more, the malware has mechanisms that mask it against antivirus programs. One of those may be a so-called Crypter which allows it to counter the definitions and the active shields of the antivirus software itself. This is the most common technology used by hackers that implement backdoors, rootkits and trojans into targeted machines.
The malware itself is very small in memory size which makes it extremely portable – less than 100 kilobytes. Professionals also claim that Pro PoS has a specific engine allowing it to be uniquely identified for every PoS operating system it infects. Some experts believe that this may be a counter tactic enabling it to remain without a countermeasure for longer.
The malware has been offered for around 2000 dollars for half a year. It may come with instructions on how to use Onion networking to mask the connection to the primary servers controlling it.
There is no surprise that the interest in PoS malware has increased especially during holidays – it is the time of the most consumers being active. Here comes the question – “How do I protect my organization?”
One variant is to use unix-based PoS system with customized applications for terminal payment processing. But let us not forget that the best methods for defense are usually the simplest. Since there is no proven way to detect such malware when it’s incoming experts advise organizations to implement malware check routines and research more on the methods of infection.
Also, here are some protection tips that will be of use to counter Pro PoS malware:
- Make sure to use additional firewall protection. Downloading a second firewall (like ZoneAlarm, for example) is an excellent solution for any potential intrusions.
- Make sure that your programs have less administrative power over what they read and write on your computer. Make them prompt you admin access before starting.
- Use stronger passwords. Stronger passwords (preferably ones that are not words) are harder to crack by several methods, including brute forcing since it includes pass lists with relevant words.
- Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers that are immediately inserted into it.
- Disable File Sharing – it is recommended if you need file sharing between your computer to password protect it to restrict the threat only to yourself if infected.
- Switch off any remote services – this can be devastating for business networks since it can cause a lot of damage on a massive scale.
- If you see a service or a process that is external and not Windows critical and is being exploited by hackers (Like Flash Player), disable it until there is an update that fixes the exploit.
- Make sure always to update the critical security patches for your software and OS.
- Configure your mail server to block out and delete suspicious file attachment containing emails.
- If you have a compromised computer in your network, make sure to isolate immediately it by powering it off and disconnecting it by hand from the network.
- Turn off any non-needed wireless services, like Infrared ports or Bluetooth – hackers love to use them to exploit devices.
- In case you use Bluetooth, make sure that you monitor all of the unauthorized devices that prompt you to pair with them and decline and investigate any suspicious ones.
- Employ a powerful anti-malware solution to protect yourself from any future threats automatically.
References
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Ventsislav Krastev
Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.
Follow Me: