Cybersecurity experts, in association with an ethical hacker from the International Institute of Cyber Security reported the emergence of a new malware variant designed to intercept payment card numbers; the malware has been circulating through some malicious hacker forums.
This malware, known as GlitchPOS, is available for purchase on hacking forums hosted on the dark web, said the ethical hacker from the IICS. The malicious software was first detected in February, and the number of hackers who have bought or used it is still unknown.
“We recently discovered a new malware variant against points of sale available in criminal forums”, the research experts mentioned. “Also, we found the payloads associated with the malware, its infrastructure and its control panel”.
According to the researchers, this malware has a functional design and is very easy to use; "No advanced hacking skills are required to run GlitchPOS," added the ethical hacker. The attackers have been deploying the malware through malicious emails, disguising it as a very simple video game.
The malware is protected by a packer developed in Visual Basic, which decrypts a library (the malware payload) encrypted with the UPX packer. "When the payload is decrypted, GlitchPOS is executed, which captures the point of sale system memory."
The payload itself is very small and has only a few functions: registering infected systems, receiving tasks from the C2 server, and extracting the payment card data.
The experts believe that the developers had already written other malicious code before GlitchPOS: they consider that Edbitss, the author of the malware, had previously taken part in the development of the DiamondFox L!NK botnet, which gives criminals the resources to carry out a wide variety of attacks, such as DDoS attacks or credential theft. The researchers found several similarities between that botnet and GlitchPOS, so they believe both were developed by the same hacker.
Attacks with GlitchPOS have become very popular over the past month. Companies like Forever 21 have revealed that they have been victims of this malware, which would have compromised customers from multiple retail stores.
A point-of-sale solutions developer announced that GlitchPOS has compromised these systems mainly at restaurants and clothing stores.