PoSeidon (malware)

PoSeidon is a name for a family of malicious computer programs targeting computerized Point-of-Sale systems.

History

Cisco's "Talos" computer security research laboratory discovered and introduced the family of malware and their nickname "PoSeidon" on their security blog on 20 March 2015.[1]

Operation

The malware attempts to steal both keystrokes and credit card numbers stored in system memory, by scanning RAM for Discover, Visa, Mastercard and AMEX issued credit cards. The credit card data is then encrypted and sent (exfiltrated) to a number of predefined Russian servers.[1]

If the commercial remote administration software LogMeIn is installed, the LogMeIn settings are modified, forcing the next remote user to enter a username and password. This allows the username and password to be read into the keylogger and exfiltrated.[2]

References


This article is issued from Wikipedia - version of the 7/20/2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.