
New GamaPoS malware targets US companies


Jasper_The_Rasper
Moderator
Posted on 16.07.2015

After dedicating their efforts to swelling the number of computers roped into their malicious net, the masters of the Andromeda botnet are putting it to use by delivering a new family of PoS malware to as many PoS systems as they can.

The systems get infected with the Andromeda backdoor after users either open a malicious attachment or visit a site hosting an exploit kit. In the former example, the attachments are often disguised as documents needed for PCI DSS compliance or updating the company's Oracle MICROS platform.

"Once converted into Andromeda bots, the affected machines can now be manipulated via a control panel, letting cybercriminals perform different commands," Trend Micro researchers explain. Full Article

2 replies

Jasper_The_Rasper
Moderator
July 17, 2015  By Pierluigi Paganini
 

The experts at Trend Micro discovered GamaPoS, a new PoS malware that is spread through the Andromeda botnet in the US and Canada.

 
GamaPoS is the name of the latest PoS malware used by criminal crews to steal credit card data from the memory of payment systems. Security experts at Trend Micro, who discovered the GamaPoS malware, explained that it is distributed by a large botnet known as Andromeda, which has been around since 2011.
 
The experts found systems infected in the US and Canada. The malware, which targets Windows systems, is written in Microsoft’s.
http://securityaffairs.co/wordpress/wp-content/uploads/2015/07/GamaPoS-per-country.jpg
 
Full Article

The following article is an update:
************************************

Andromeda Botnet Used to Deliver New GamaPoS Malware

By Eduard Kovacs on July 17, 2015
 
Researchers at Trend Micro have conducted an analysis of GamaPoS, a new point-of-sale (PoS) malware that has made its way onto the systems of United States organizations with the aid of the notorious Andromeda botnet.
The Andromeda botnet has a wide reach, which is why many cybercriminals rely on it for distributing malware. In the campaign involving GamaPoS, experts determined that the PoS malware is downloaded on only 3.8 percent of systems affected by Andromeda.
PoS malware is designed to steal payment card data from PoS systems. Since most of the devices infected with Andromeda backdoors are not running any PoS software, it appears that the attackers behind GamaPoS are hoping to catch at least some PoS systems in the large volume of compromised computers.
According to Trend Micro, GamaPoS attacks start with emails containing macro-based malware or links pointing to exploit kits. PsExec and Mimikatz, publicly available tools that are highly popular among cybercriminals, are then dropped onto targeted computers and used by the attackers to collect information from the infected device and to move laterally in the victim’s network. The GamaPoS malware is dropped only on some of the Andromeda bots.
 
full article
