FastPOS Trojan Exploits Mailslots in Windows to Steal Information - How to, Technology and PC Security Forum | SensorsTechForum.com

FastPOS Trojan Exploits Mailslots in Windows to Steal Information

A trojan horse created by a hacking group, which has dubbed it FastPOS, has recently been updated with a new technique that causes infection via a bug in the Windows Mailslots mechanism.

The new version of the POS malware is created not only to attack Point-of-Sale systems but also to be sold on underground markets. However, unlike a typical point-of-sale trojan, FastPOS, as its name suggests, focuses on speed. Because its code is oriented primarily towards speed, it sacrifices many obfuscation components, which makes it much easier to detect.

First discovered back in 2015, the virus originally supported only a single processor architecture. Now the case is different: FastPOS supports both 32-bit and 64-bit processor architectures.

The virus originally consists of two main modules: one for memory scraping and one for capturing the keystrokes of the POS machine (a keylogger).

Furthermore, researchers at TrendMicro have detected the malware's traffic going out over HTTP, along with the malware stealing credit card details from the POS. This is possible primarily because several key issues were disregarded, such as the lack of protection of the files themselves.

What makes infections by FastPOS so successful is the new strategy used during the infection process. The virus primarily takes advantage of a mechanism in Windows known as Mailslots. These types of files are similar to .tmp (temporary) files, and they exist solely in the random access memory of Windows PCs. The modules of the virus are executed automatically once an infection is performed, after which they inject themselves into legitimate Windows processes.

What is very interesting about FastPOS is the method it uses to extract financial information and other credentials from the affected computer. To do this, the FastPOS malware uses scripts that call the malicious modules to send information as soon as an action is performed on a given machine. This makes the tool very dangerous: as soon as it detects a debit card being inserted, it immediately sends the information out to the C&C (Command and Control) server held by the black hat hackers.

Conclusion on FastPOS and Its Dangers
Similar to other POS malware, like LogPOS, this type of virus also uses mailslot files to steal information. However, unlike the other viruses, this malware is focused on immediate response, which requires almost constant communication with its C&C servers. This means that with the proper protection software, this malware can be stopped before it has caused any damage.
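
The near-constant C&C communication described above is something network monitoring can key on. The following Python is an added example, not code from the original article or from TrendMicro: it flags POS terminals that make repeated HTTP requests to destinations outside an allowlist. The log format, host names, allowlist and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample proxy log: time, POS host, destination host, method, bytes sent.
SAMPLE_LOG = """\
2024-01-15T09:00:01 pos-01 processor.example.net POST 812
2024-01-15T09:00:03 pos-01 cc-collector.example.org GET 96
2024-01-15T09:00:09 pos-01 cc-collector.example.org GET 104
2024-01-15T09:00:14 pos-01 cc-collector.example.org GET 99
2024-01-15T09:00:21 pos-01 cc-collector.example.org GET 101
2024-01-15T09:03:40 pos-02 processor.example.net POST 790
2024-01-15T09:05:10 pos-02 updates.example.com GET 300
"""

ALLOWLIST = {"processor.example.net"}  # assumed: the only host a terminal should reach
MIN_REQUESTS = 3                       # assumed thresholds, tune per environment
MAX_MEDIAN_GAP_S = 30.0


def parse(log_text):
    """Yield (timestamp, host, dest) from well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def find_suspects(log_text, allowlist=ALLOWLIST):
    """Return one finding per non-allowlisted (host, dest), marking rapid repeats."""
    seen = defaultdict(list)
    for ts, host, dest in parse(log_text):
        if dest not in allowlist:
            seen[(host, dest)].append(ts)
    findings = []
    for (host, dest), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        rapid = (len(times) >= MIN_REQUESTS and med is not None
                 and med <= MAX_MEDIAN_GAP_S)
        findings.append({"host": host, "dest": dest, "count": len(times),
                         "median_gap_s": med, "rapid": rapid})
    return findings
```

Any finding is worth a look on a dedicated POS segment; the `rapid` flag separates a one-off request from the steady stream that an immediate-exfiltration design produces.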

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
