Paying with a debit or credit card in a shop could cost far more than expected: POS terminals are under attack by cybercriminals thanks to their weak protection. Cisco Talos security researchers have uncovered a new purpose-built malware, GlitchPOS, sold on crimeware forums
POS (point-of-sale) terminals, which let customers pay conveniently with a debit or credit card in physical or virtual stores, are under attack by cybercrime. Across the threat landscape, the use of malware to steal card numbers and monetize them immediately is growing. POS terminals are often forgotten when it comes to network segmentation, so they become an easy target for cybercriminals. On crimeware forums, purpose-built malicious code for this job is hugely popular, complete with control panels and video tutorials on how to use it. Cisco Talos has just discovered a new one: GlitchPOS, developed by an actor who specializes in this kind of program. According to the researchers, he is the same author as the DiamondFox L!NK botnet, as Check Point reported. His nickname is Edbitss.
The malware is distributed disguised as a fake video game and aims to steal credit and debit card numbers. Once done, it deletes itself. Others are already trying to resell it online at higher prices than the original
GlitchPOS is distributed disguised as a fake video game, using assorted pictures of cats as the lure. The POS malware uses a self-extractor (a packer) written in Visual Basic that decodes a library containing the malicious payload, compiled in the same language. The payload is a "memory grabber" that connects to a command and control (C2) server to perform a number of functions: register the infected system, receive commands (executed in memory or on disk), exfiltrate credit card numbers scraped from the memory of the compromised device, update the exclusion list of processes it scans, the "encryption" key and the User-Agent string, and, finally, delete itself. Moreover, the malware appears to have become very popular in a short time: so much so that someone has already tried to resell it on cybercrime forums, even at prices higher than the original. So be careful when shopping. It could prove far more expensive than expected.
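The "memory grabber" stage described above, which scans process memory for card data while skipping an exclusion list of processes, is the core of every POS RAM scraper, and the same pattern matching is what a defender runs over a memory dump to confirm that a terminal is holding card data in the clear. The following Python script is an added illustration written for this page, not GlitchPOS code or part of the Talos analysis: it scans constructed byte buffers standing in for process memory, extracts ISO 7813 Track 1 and Track 2 records, drops hits whose PAN fails the Luhn check, and skips processes on an exclusion list (the list GlitchPOS updates from its C2). The process names, buffers and exclusion list are constructed, and the PANs are well-known test numbers.

```python
"""Toy POS RAM-scraper logic: scan process-memory buffers for card track data.

Added illustration only; not GlitchPOS code. All process names, buffers and
PANs below are constructed (the PANs are well-known test numbers).
"""
import re
from typing import Dict, List

# ISO 7813 Track 2 as it sits in memory: ';' PAN '=' YYMM service-code discretionary '?'
TRACK2_RE = re.compile(rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")
# Track 1 format B: '%B' PAN '^' NAME '^' YYMM service-code discretionary '?'
TRACK1_RE = re.compile(rb"%B(?P<pan>\d{13,19})\^(?P<name>[^^]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})[^?]*\?")

# Processes a scraper skips to save time and avoid noise (constructed example list;
# GlitchPOS refreshes its own list from the C2, which is the behaviour mirrored here).
DEFAULT_EXCLUSIONS = {"system", "smss.exe", "csrss.exe", "wininit.exe", "svchost.exe", "explorer.exe"}


def luhn_ok(pan: str) -> bool:
    """Luhn check: a cheap way to drop digit runs that are not real PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN and last four, as a log line should show them."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf: bytes) -> List[Dict[str, object]]:
    """Return Luhn-valid Track 1/Track 2 hits found in one memory buffer, ordered by offset."""
    hits = []
    for track, regex in (("2", TRACK2_RE), ("1", TRACK1_RE)):
        for m in regex.finditer(buf):
            pan = m.group("pan").decode("ascii")
            if not luhn_ok(pan):
                continue
            hits.append({"track": track, "pan": pan,
                         "exp": m.group("exp").decode("ascii"), "offset": m.start()})
    return sorted(hits, key=lambda h: h["offset"])


def scan_processes(processes: Dict[str, bytes],
                   exclusions=DEFAULT_EXCLUSIONS) -> Dict[str, List[Dict[str, object]]]:
    """Scan every non-excluded process; map process name -> hits."""
    found = {}
    for name, buf in processes.items():
        if name.lower() in exclusions:
            continue
        hits = scan_buffer(buf)
        if hits:
            found[name] = hits
    return found


# Constructed stand-ins for process memory. pos.exe holds one valid Track 2 record,
# one valid Track 1 record and one Track 2 record whose PAN fails the Luhn check.
SAMPLE_PROCESSES = {
    "pos.exe": (b"\x00\x00garbage;4111111111111111=25121011234567890?\x00more"
                b"%B5555555555554444^DOE/JANE^2512101000000000?\x00"
                b";4111111111111112=2512101?"),
    "explorer.exe": b";4111111111111111=25121011234567890?",   # skipped by the exclusion list
    "notepad.exe": b"no card data in here",
}

if __name__ == "__main__":
    for proc, hits in scan_processes(SAMPLE_PROCESSES).items():
        for h in hits:
            print(f"{proc} @0x{h['offset']:x}: track {h['track']} {mask_pan(h['pan'])} exp {h['exp']}")
```

On a real host the buffers would come from reading each process's memory regions (ReadProcessMemory on Windows); that part is deliberately left out. The defensive takeaway is the same regex and Luhn filter: if it fires on a dump of the payment application, card data is sitting in RAM unencrypted, which is exactly what a scraper like GlitchPOS exfiltrates.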