The new version of the POS malware is created not only to attack Point-of-Sale systems but also to be sold in the underground markets. However, unlike your typical point-of-sale trojan, FastPOS, as its name suggests, focuses on speed. Because its coding is oriented primarily towards speed, it sacrifices many obfuscating components, which makes it much easier to detect.
First discovered back in 2015, the virus originally supported only a single processor architecture. Now the case is different: FastPOS supports both 32-bit and 64-bit processor architectures.
The virus originally consisted of two main modules: one for memory scraping and one for capturing the keystrokes of the POS machine (a keylogger).
Furthermore, researchers at Trend Micro have detected the malware's traffic passing over an HTTP stream, with the malware stealing credit card details from the POS as well. This is possible primarily because several key issues were disregarded, such as the lack of protection of the files themselves.
What makes infections by FastPOS so successful is the new strategy used during the infection process. The virus primarily takes advantage of a Windows mechanism known as Mailslots. These files are similar to .tmp (temporary) files, and they exist solely in the random access memory of Windows PCs. The modules of the virus are executed automatically once an infection is performed, after which they inject into legitimate Windows processes.
What is very interesting about FastPOS is the method it uses to extract financial information and other credentials from the affected computer. To do this, the FastPOS malware uses scripts that call the malicious modules to send information as soon as an action is performed on a given machine. This makes the tool very dangerous: as soon as it detects a debit card being inserted, it immediately sends the information out to the C&C (Command and Control) server held by the black hat hackers.
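Because each card event produces its own HTTP request, egress logs from POS hosts are a natural place to look for this behaviour. The following is an added detection sketch, not code from the original article or from Trend Micro; it assumes the card data is readable in the request URL, and the log format, host names and addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Track 2 layout (ISO/IEC 7813): PAN, separator, YYMM expiry, service code, discretionary digits.
# '=' is the usual separator; 'D' is the separator in the EMV hex form.
TRACK2 = re.compile(r"(?<!\d)(\d{13,19})[=D](\d{2})(\d{2})(\d{3})\d*")
BARE_PAN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(pan):
    """Luhn checksum; rejects most non-card digit runs (build numbers, order ids)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep only the first six and last four digits so an alert never stores a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_line(line):
    """Return (source_host, kind, masked_pan) findings for one proxy log line."""
    src = line.split()[1]
    findings = []

    def on_track2(m):
        pan, month = m.group(1), int(m.group(3))
        if 1 <= month <= 12 and luhn_ok(pan):
            findings.append((src, "track2", mask(pan)))
            return " "                      # consumed: do not report again as a bare PAN
        return m.group(1) + " "             # implausible track: leave digits for the PAN check

    rest = TRACK2.sub(on_track2, unquote(line))   # unquote so %3D is seen as '='
    for m in BARE_PAN.finditer(rest):
        if luhn_ok(m.group()):
            findings.append((src, "pan", mask(m.group())))
    return findings

def scan(log_lines):
    return [f for line in log_lines for f in scan_line(line)]

# Constructed sample (hypothetical format: timestamp, POS host, method, URL); test card numbers only.
SAMPLE_LOG = [
    "2016-06-01T10:00:01Z pos-07 GET http://203.0.113.10/upload?d=4111111111111111%3D25121010000000000",
    "2016-06-01T10:00:02Z pos-07 GET http://update.example.com/check?build=1234567890123456",
    "2016-06-01T10:00:03Z pos-02 POST http://203.0.113.10/upload?k=5500005555555559",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The second sample line carries a 16-digit build number that fails the Luhn check, which shows why the checksum is applied before alerting.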
Conclusion on FastPOS and Its Dangers
Similar to other POS malware, like LogPOS, this type of virus also uses mailslot files to steal information. However, unlike the other viruses, this type of malware is focused on immediate response, which requires almost constant communication with its C&C servers. This means that with the proper protection software, this malware can be stopped even before it has caused any damage.