BlackPOS Malware
BlackPOS, also known as Kaptoxa, is a point-of-sale malware program designed to be installed on a point of sale (POS) system and scrape debit and credit card data from its memory. BlackPOS was used in the Target Corporation data breach of 2013. ["BlackPOS involved in Target's POS machines"]


History

The BlackPOS program first surfaced in early 2013 and affected many Australian, American, and Canadian companies using point-of-sale systems, such as Target and Neiman Marcus. The program was originally created by 23-year-old Rinat Shabayev and later developed by 17-year-old Sergey Taraspov, better known by his online name, 'ree4'. The original version of BlackPOS was sold on online black market forums by Taraspov, under the name "Dump Memory Grabber by Ree", for around $2000. The name BlackPOS was found in the software's administration panel.


Operation

BlackPOS infects computers running Microsoft Windows that have card readers attached and are part of a POS system. After installation, the program attaches to the pos.exe process and scans its memory for track 1 and track 2 payment card data, the magnetic-stripe contents that are briefly held in cleartext while a transaction is processed. ["POS Malware Revisted"] The stolen data is written over SMB to a share on a server inside the company's network, where a second component collects it and sends it to the attacker over FTP. BlackPOS only transmits stolen information during business hours, so that the exfiltration traffic blends in with normal activity rather than standing out at unusual times.
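As an added example (not BlackPOS code and not taken from the cited reports), the following Python sketches the two detection primitives that follow from the mechanics above: a track 1 / track 2 scanner of the kind both the scraper and an incident responder run over pos.exe memory, and a flow-log rule for the SMB-staging-then-FTP chain. The memory buffer, the flow records, the subnets (10.20.0.0/16 for registers, 10.0.0.0/8 for the corporate network) and the 203.0.113.9 destination are all constructed assumptions; the PANs are public test numbers.

```python
"""Detection primitives for the two halves of a BlackPOS-style operation:
(1) scanning a memory buffer for magnetic-stripe track 1 / track 2 data,
(2) spotting the SMB-staging-then-FTP exfiltration chain in flow records.
Added example, not BlackPOS code; every input below is constructed."""
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(?P<pan>\d{13,19})\^(?P<name>[A-Z /.'\-]{2,26})\^"
                    rb"(?P<yy>\d{2})(?P<mm>\d{2})\d{3}[^?]{0,80}\?")
TRACK2 = re.compile(rb";(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})\d{3}[^?]{0,80}\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check; drops digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    # keep BIN and last four so a hit is reportable without re-exposing the card
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf: bytes) -> list[dict]:
    """Return Luhn-valid track hits in buf, ordered by offset, PANs masked.
    This is the same pattern match a RAM scraper runs over pos.exe memory
    and an analyst runs over a memory dump of it."""
    hits = []
    for track, rx in ((1, TRACK1), (2, TRACK2)):
        for m in rx.finditer(buf):
            pan = m.group("pan").decode()
            if not luhn_ok(pan):
                continue
            hits.append({"offset": m.start(), "track": track, "pan_masked": mask_pan(pan),
                         "expiry": f"{m.group('mm').decode()}/{m.group('yy').decode()}"})
    return sorted(hits, key=lambda h: h["offset"])


SAMPLE_MEMORY = (  # constructed buffer; the valid PANs are public test numbers
    b"\x00\x7fELF junk %B4111111111111111^DOE/JOHN^25121010000000000?\x00"
    b"settings.ini ;5555555555554444=2512101123456789?\x00"
    b";4111111111111112=2512101? (fails Luhn, must be skipped)\x00"
)

# exfiltration chain: register --SMB--> internal staging host --FTP--> Internet
POS_NET = ip_network("10.20.0.0/16")   # assumption: register subnet
INTERNAL = ip_network("10.0.0.0/8")    # assumption: corporate address space

SAMPLE_FLOWS = """\
2013-12-02T10:04:11 10.20.3.15 10.50.1.7 445 188000
2013-12-02T10:09:40 10.20.3.16 10.50.1.7 445 162000
2013-12-02T11:15:02 10.50.1.7 203.0.113.9 21 349000
2013-12-02T11:20:00 10.20.3.15 10.50.1.20 80 2100
"""  # constructed records: timestamp src dst dstport bytes


def parse_flows(text: str) -> list[dict]:
    rows = []
    for line in text.splitlines():
        ts, src, dst, port, nbytes = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "src": ip_address(src),
                     "dst": ip_address(dst), "port": int(port), "bytes": int(nbytes)})
    return rows


def find_staging_chain(flows: list[dict]) -> list[dict]:
    """Alert on internal hosts that receive SMB from registers and later speak
    FTP to the Internet. Time of day is deliberately not a feature: the
    exfiltration happens in business hours, so only the hop chain gives it away."""
    staged = {}  # staging host -> SMB flows it received from registers
    for f in flows:
        if f["src"] in POS_NET and f["port"] == 445 and f["dst"] in INTERNAL and f["dst"] not in POS_NET:
            staged.setdefault(f["dst"], []).append(f)
    alerts = []
    for f in flows:
        if f["src"] in staged and f["port"] == 21 and f["dst"] not in INTERNAL:
            if f["ts"] >= min(s["ts"] for s in staged[f["src"]]):
                alerts.append({"staging_host": str(f["src"]), "exfil_dst": str(f["dst"]),
                               "registers": sorted(str(s["src"]) for s in staged[f["src"]]),
                               "bytes_out": f["bytes"]})
    return alerts


if __name__ == "__main__":
    for h in scan_for_track_data(SAMPLE_MEMORY):
        print("track data:", h)
    for a in find_staging_chain(parse_flows(SAMPLE_FLOWS)):
        print("exfil chain:", a)
```

Because the exfiltration is timed to business hours, the flow rule keys on the chain of hops (register to staging host over SMB, staging host to an outside address over FTP) and ignores time of day: a register should never need to write to an SMB share on a non-POS host, and a host that does receive such writes has no business speaking FTP to the Internet. The Luhn filter matters in the memory scanner because a busy POS process holds plenty of digit runs that are not card numbers.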


Incidents

BlackPOS has been used to steal customer information from businesses worldwide. The most well-known attack was the 2013 Target security breach.


Target

During the Thanksgiving break of November 2013, Target's POS systems were infected with BlackPOS. It was not until mid-December that the company became aware of the breach. The attackers got into Target's network by compromising a company web server and then pushed the BlackPOS software out to Target's POS systems. As a result, payment card data for more than 40 million customers, along with names, addresses, phone numbers, and other personal information for more than 70 million people, was stolen. About 1800 U.S. Target stores were affected.


Neiman Marcus

Neiman Marcus, another well-known retailer, was affected as well. Its POS system is said to have been infected in early July 2013, and the intrusion was not fully contained until January 2014. The breach is believed to have exposed 1.1 million credit and debit cards over the span of several months. Although card data was compromised, Neiman Marcus issued a statement saying that Social Security numbers and birthdates were not affected.


Other companies

Other affected companies included UPS and Home Depot.


See also

* Point-of-sale malware
* Point of sale
* Cyber security standards
* List of cyber attack threat trends
* Malware

