Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software (Security News, November 2020)
The backdoor, ModPipe, is notable for its unusual sophistication, according to researchers, as evidenced by its multiple modules.
The code is specifically taking aim at the Oracle MICROS Restaurant Enterprise Series 3700 POS - a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide, according to ESET. The attacks have mainly been in the U.S., researchers said - though the initial infection vector is unknown.
The main module creates a pipe used for communication with other malicious modules.
A networking module performs the actual communication with the C2. "Responses from the C2 server have to be at least 33-bytes long in order to be parsed by the networking module and the malicious payload is located after a sequence of 13 spaces followed by an HTML comment opening tag," according to ESET. Then there's a range of other downloadable modules for adding specific functionality to the backdoor.
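A detection-side sketch of the response format ESET describes above, added here as an example (not code from ESET or the original article): it flags captured response bodies that are at least 33 bytes long and contain 13 spaces followed by `<!--`, and reports where the trailing data starts. The function names and sample bodies are constructed for illustration; indented benign HTML can also match, so a hit is a triage lead rather than a verdict.

```python
# Added example: triage captured response bodies for the marker in the ESET quote.
# Names and sample data are constructed; nothing here comes from the malware itself.

MIN_LEN = 33                    # minimum response length stated in the quote
MARKER = b" " * 13 + b"<!--"    # 13 spaces followed by an HTML comment opening tag


def find_marker(body: bytes):
    """Return the offset of the data following the marker, or None.

    Bodies shorter than MIN_LEN are skipped, mirroring the stated parsing rule.
    A run of more than 13 spaces before '<!--' also matches, because its last
    13 spaces satisfy the pattern.
    """
    if len(body) < MIN_LEN:
        return None
    idx = body.find(MARKER)
    return None if idx == -1 else idx + len(MARKER)


def triage(responses):
    """Take (label, body) pairs and return one record per matching body."""
    hits = []
    for label, body in responses:
        offset = find_marker(body)
        if offset is not None:
            hits.append({
                "label": label,
                "payload_offset": offset,
                "trailing_len": len(body) - offset,
            })
    return hits


# Constructed sample bodies (not real traffic).
SAMPLES = [
    ("resp-1", b"<html><body><p>hello world, nothing to see</p></body></html>"),
    ("resp-2", b"<html><body>" + b" " * 12 + b"<!-- ordinary comment -->"),
    ("resp-3", b"<html><body>" + b" " * 13 + b"<!--" + b"CONSTRUCTED-PLACEHOLDER-DATA"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLES):
        print(hit)
```

Only `resp-3` is reported: `resp-1` has no marker and `resp-2` has 12 spaces, one short of the pattern.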
"ModPipe's architecture, modules and their capabilities also indicate that its writers have extensive knowledge of the targeted RES 3700 POS software. The proficiency of the operators could stem from multiple scenarios, including stealing and reverse-engineering the proprietary software product, misusing its leaked parts or buying code from an underground market."
News URL
https://threatpost.com/cyberattackers-custom-backdoor-oracle-restaurant/161180/