PoS malware landscape

2022-10-11 20:36

A new report from Kaspersky sheds light on the 2020-2022 ATM and Point of Sale malware landscape.

Lockdowns all around the globe during the pandemic have seriously reduced ATM and PoS malware activity, since people stayed at home with no other possibility than buying what they needed online instead of physically going to shops.

Brazil has been in the same situation, with an outdated ATM fleet, yet in addition Brazil has a number of cybercriminals creating new POS malware there.

AbaddonPoS. AbaddonPoS has been active since 2015 and is a generic PoS malware that tries to hide its activities via anti-analysis mechanisms, code obfuscation and a custom protocol for exfiltrating data from the victims to the cybercriminals.

Prilex is a Brazilian threat actor who switched from ATM-focused malware to PoS malware in 2016.

Prior to this move, the group has been responsible for one of the largest ATM attacks in Brazil, stealing money from more than 1,000 machines while also cloning 28,000 credit cards that were used in these ATMs. The Prilex PoS malware evolved into a very advanced and complex malware capable of modifying communications with the PIN pad and bypass EMV validations.

News URL

https://www.techrepublic.com/article/atm-pos-malware-landscape/

#ATM #malware #POS