Security News > 2020 > November > ModPipe malware decrypts Oracle point-of-sale database passwords
Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems, one of the most widely used management software in the hospitality industry.
Named ModPipe, the malware is a modular backdoor that can steal the passwords for the PoS system databases by decrypting them from Windows registry values.
One particularity for ModPipe is its modular architecture that allows extending its features through downloadable components, such as GetMicInfo, used for decrypting database passwords.
The researchers still don't know how tha malware compromises the PoS systems but they figured out its architecture, which includes an initial dropper, a persistent loader, the main module, a networking module, and downloadable components.
In a report shared with BleepingComputer, ESET says that GetMicInfo relies on a custom algorithm to intercept and decrypt the PoS database passwords.