Iranian Security Researcher C3phalex1n: LogPOS Point Of Sale Malware

Iranian security researcher C3phalex1n has written an article called "LogPOS – New Point Of Sale Malware".

A new point-of-sale (POS) malware, LogPOS, uses a technique that evades detection by allowing the malware to inject code that acts like a client while it moves stolen credit card numbers off to a command and control (C+C) server.

The technology, Microsoft Windows mailslots, is old, but this is the first time a POS malware variant has been spotted using it. Mailslots are an inter-process communication (IPC) mechanism that allows multiple clients to send messages.

The LogPOS executable creates a mailslot and acts as the server. The code that it injects into various processes acts as a client and subsequently transfers credit card information to the mailslot, from where it is moved to the C+C server.

If the malware creates the mailslot, it compares processes against a whitelist, injects code to disrupt processes, scans for credit card information, validates it, sends it to the mailslot and then on to remote sites.
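The one-server, many-clients pattern described above is something a defender can hunt for on a POS host. The following is an added example, not code from C3phalex1n's article: it flags any mailslot that is open in several distinct processes. The comma-separated handle inventory, the process and mailslot names, the allowlist and the threshold of three processes are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample inventory, one "pid,process,object path" row per handle.
# Not real telemetry; every name below is a placeholder.
# Mailslots appear under \Device\Mailslot\ in the NT object namespace.
SAMPLE_HANDLES = r"""
1200,updater.exe,\Device\Mailslot\EXAMPLE_SLOT
2312,pos_frontend.exe,\Device\Mailslot\EXAMPLE_SLOT
2440,receipt_printer.exe,\Device\Mailslot\EXAMPLE_SLOT
2588,inventory_sync.exe,\Device\Mailslot\EXAMPLE_SLOT
612,svchost.exe,\Device\Mailslot\KNOWN_GOOD
612,svchost.exe,\Device\NamedPipe\lsass
3100,backup_agent.exe,\Device\Mailslot\BACKUP_STATUS
3100,backup_agent.exe,\Device\Mailslot\BACKUP_STATUS
"""

MAILSLOT_RE = re.compile(r"^\\Device\\Mailslot\\(?P<name>.+)$", re.IGNORECASE)

def parse_handles(text):
    """Yield (pid, process, mailslot_name) for each mailslot handle row."""
    for line in text.strip().splitlines():
        parts = line.strip().split(",", 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed rows
        match = MAILSLOT_RE.match(parts[2].strip())
        if match:
            yield int(parts[0]), parts[1].strip().lower(), match.group("name").lower()

def suspicious_mailslots(text, allowlist=frozenset(), min_processes=3):
    """Return {mailslot: sorted process names} for slots open in many processes."""
    holders = defaultdict(set)
    for pid, proc, slot in parse_handles(text):
        if slot not in allowlist:
            holders[slot].add((pid, proc))  # duplicate handles in one pid count once
    return {slot: sorted({proc for _, proc in procs})
            for slot, procs in holders.items()
            if len(procs) >= min_processes}

if __name__ == "__main__":
    hits = suspicious_mailslots(SAMPLE_HANDLES, allowlist={"known_good"})
    for slot, procs in hits.items():
        print(f"mailslot '{slot}' open in {len(procs)} processes: {', '.join(procs)}")
```

On a real host the allowlist would hold the mailslot names that the installed POS software and Windows services are known to use, so that only unexplained shared mailslots are reported.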

A link to more detail on LogPOS from C3phalex1n's web site is here

See here for the full article by C3phalex1n
