HOME

TheInfoList



Click Here for Items Related To - CenterPOS Malware
OR:
CenterPOS Malware on:   [Wikipedia]   [Google]   [Amazon]

CenterPOS (also known as "Cerebrus") is a
point of sale The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice f ...
(POS)
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...
discovered
Cyber Security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, th ...
Experts. It was discovered in September 2015 along with other kinds of POS malware, such as NewPOSThings, BlackPOS, and Alina. There are two versions which have been released by the developer responsible: version 1.7 and version 2.0. CenterPOS 2.0 has similar functionality to CenterPOS version 1.7. The 2.0 variant of CenterPOS malware added some more effective features, such as the addition of a configuration file for storing information in its
command and control server A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...
.


Overview

CenterPOS has been used to target retailers in order to illegally obtain
payment card Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner (the cardholder) to access the funds in the customer's designated bank accounts, or through a credit account and ma ...
information using a memory scraper. It uses two distinct modes to scrape and store information: a "smart scan" and a "normal scan". At the normal scan mode, the malware looks at all of the processes on a device and determines which ones are not currently running processes, are not named "system", "system idle process" or "idle", and do not contain keywords such as
Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
or
Mozilla Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, w ...
. If the process meets the criteria list, the malware will search all memory regions within the process, searching for credit card data with regular expressions in the regular expression list. In smart scan mode, the malware starts by performing a normal scan, and any process that has a regular expression match will be added to the smart scan list. After the first pass, the malware will only search the processes that are in the smart scan list. The malware contains functionality that allows cybercriminals to create a configuration file.


Process Details

CenterPOS malware searches for the configuration file that contains the C&C information. If unable to find the configuration file, it asks for a
password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
. If the password entered is correct, then it payloads the functions to create a configuration file. This malware is very different from other point of sale system malware in that it has a separate component called builder to create a payload. The CenterPOS malware looks for the credit and debit card information through smart scan mode and then encrypts all the scraped data using
Triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Stand ...
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can dec ...
. Then the memory scraped data is sent to the operator of the malware through a separate
HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
POST Post or POST commonly refers to: *Mail, the postal system, especially in Commonwealth of Nations countries **An Post, the Irish national postal service **Canada Post, Canadian postal service **Deutsche Post, German postal service **Iraqi Post, Ira ...
request.


See also

*
Point-of-sale malware Point-of-sale malware (POS malware) is usually a type of malicious software (malware) that is used by cybercriminals to target point of sale (POS) and payment terminals with the intent to obtain credit card and debit card information, a card's tr ...
*
Cyber security standards IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all ...
*
List of cyber attack threat trends A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted ...
*
Cyber electronic warfare Cyber may refer to: Computing and the Internet * ''Cyber-'', from cybernetics, a transdisciplinary approach for exploring regulatory and purposive systems Crime and security * Cyber crime, crime that involves computers and networks ** Conventi ...
*
Malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...


References

Carding (fraud) Cyberwarfare Windows trojans {{malware-stub