New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels
2020-11-12 04:58

The backdoor, dubbed "ModPipe", affects Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, a software suite widely used in restaurants and hospitality establishments to efficiently handle POS, inventory, and labor management.

A majority of the identified targets are located in the US. "What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values," ESET researchers said in an analysis.

The ModPipe infrastructure consists of an initial dropper that's used to install a persistent loader, which then unpacks and loads the next-stage payload - the main malware module that's used to establish communications with other "Downloadable" modules and the command-and-control server via a standalone networking module.

A second module called "ModScan 2.20" is devoted to collecting additional information about the installed POS system, while another module by the name of "Proclist" gathers details about currently running processes.

"ModPipe's architecture, modules and their capabilities also indicate that its writers have extensive knowledge of the targeted RES 3700 POS software," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/wduF-gVFpuM/new-modpipe-point-of-sale-pos-malware.html