Alina is a point-of-sale malware, or POS RAM scraper, used by cybercriminals to scrape credit card and debit card information from point-of-sale systems. It was first observed scraping card data in late 2012. It resembles the JackPOS malware.
Process of Alina POS RAM Scraper
Once executed, it installs itself on the user's computer and checks for updates. If an update is found, it removes the existing Alina code and installs the latest version. For new installations, it adds its file path to an AutoStart run key to maintain persistence. Finally, it drops a copy named java.exe into the %APPDATA% directory and executes it with the parameter alina= for new installations or update=; for upgrades.
Alina inspects the user's processes with the help of Windows API calls:
* CreateToolhelp32Snapshot() takes a snapshot of all running processes
* Process32First()/Process32Next() walk the snapshot's process list so that each process's memory can be searched for track 1 and track 2 card data
Alina maintains a blacklist of processes; for any process not on the blacklist, it uses OpenProcess() to read its memory and process the contents of the memory dump. Once the data is scraped, Alina sends it to C&C servers using an HTTP POST request whose details are hardcoded in the binary.
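The persistence and launch behaviour described above gives a defender two concrete things to hunt for: a Run key that points at a java.exe living under %APPDATA% (legitimate Java installs live under Program Files), and a process started with the alina= or update=; parameter. The following triage routine is an added example for this page, not code from the article or from any analysis of the malware; the event records are constructed and simplified, and their field names are assumptions rather than any real tool's schema.

```python
import re
from typing import Dict, List, Tuple

# Constructed, simplified telemetry records. The field names ("type", "key",
# "value", "image", "cmdline") are assumptions for this example, loosely
# modelled on registry-set and process-creation events; they are not the
# schema of Sysmon or any other product.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jusched",
     "value": r"C:\Users\pos\AppData\Roaming\java.exe alina="},
    {"type": "process_create",
     "image": r"C:\Program Files\Java\jre8\bin\java.exe",
     "cmdline": r'"C:\Program Files\Java\jre8\bin\java.exe" -jar app.jar'},
    {"type": "process_create",
     "image": r"C:\Users\pos\AppData\Roaming\java.exe",
     "cmdline": r"C:\Users\pos\AppData\Roaming\java.exe update=;"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "value": r"C:\Users\pos\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
APPDATA_RE = re.compile(r"\\AppData\\", re.IGNORECASE)
# First executable in a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?([^"]+?\.exe)"?', re.IGNORECASE)
# The install/upgrade parameters the article attributes to Alina.
ALINA_ARGS_RE = re.compile(r"(?:^|\s)(alina=|update=;)\s*$")


def first_exe(command: str) -> str:
    """Return the executable path at the start of a command line."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else ""


def masquerading_java(path: str) -> bool:
    """java.exe under a user's AppData tree is not where Java is installed."""
    return path.lower().endswith("\\java.exe") and APPDATA_RE.search(path) is not None


def triage(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag Run-key persistence and launches matching the described behaviour."""
    findings: List[Tuple[str, str]] = []
    for ev in events:
        if ev["type"] == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            if masquerading_java(first_exe(ev["value"])):
                findings.append(("run_key_appdata_java", ev["key"]))
            if ALINA_ARGS_RE.search(ev["value"]):
                findings.append(("alina_install_arg", ev["key"]))
        elif ev["type"] == "process_create":
            if masquerading_java(ev["image"]):
                findings.append(("appdata_java_process", ev["image"]))
            if ALINA_ARGS_RE.search(ev["cmdline"]):
                findings.append(("alina_install_arg", ev["image"]))
    return findings
```

The two benign records (a real Java install under Program Files and a OneDrive Run key under AppData\Local) produce no findings, which is the point of keying on the java.exe name combined with an AppData path rather than on AppData alone.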
See also
* Point-of-sale malware
* Cyber security standards
* List of cyber attack threat trends