An attack aiming to infect PoS systems was found using the Angler Exploit Kit to push a PoS reconnaissance Trojan. This Trojan, detected as TROJ_RECOLOAD.A, checks for multiple conditions in the infected system, such as whether it is a PoS machine or part of a PoS network. It then proceeds to download specific malware depending on the conditions met. We’ve also found that this utilizes the fileless installation capability of the Angler Exploit Kit to avoid detection.
Looking into its infection chain, we found that part of its reconnaissance involves searching for data related to specific websites and companies. One example would be Verifone, a company that offers solutions for electronic payments and PoS transactions. Based on the infection chain, we also believe that this attack is targeting web-based terminals.
This finding suggests that attackers are now looking for ways to deploy PoS malware on a wider scale. Just recently, we discovered a PoS threat that piggybacks on the established Andromeda botnet to reach PoS systems.
More here: http://blog.trendmicro.com/trendlabs-security-intelligence/angler-exploit-kit-used-to-find-and-infect-pos-systems/