The malware in question is the privately sold Chewbacca Trojan, which is a two-pronged threat that uses the Tor anonymity network to hide its communication with the attackers’ command and control infrastructure. FREE PASCAL 2.7.1 DOWNLOAD SOFTWAREĬhewbacca not only infects point-of-sale terminals with the RAM scraping malware in order to steal payment card data before it is encrypted, but also drops keylogging software onto compromised systems. Researchers at RSA Security discovered the criminal campaign and say it has found malware samples used in 10 countries, primarily in the United States and the Russian Federation. Will Gragido, senior manager at RSA FirstWatch, the company’s research arm, said the command and control server they intercepted has been taken offline-likely by its Ukrainian handlers rather than law enforcement-putting a halt to the campaign. Gragido said the criminals had their hands on 49,330 credit card numbers and there were 24 million transaction records on the attackers’ server. “It’s a sloppily put-together piece of code it’s not the most sophisticated code, but it seems effective.” “It’s actually a mixture of industries that have been hit: some broadband providers were impacted, retailers, supermarkets, gas stations, and other associated businesses,” Gragido said. The original Chewbacca samples were found in October and reported by Kaspersky Lab’s Global Research and Analysis Team in December. ![]() While the original attack vector is not yet understood, Chewbacca’s behaviors are pretty self-evident. Chewbacca finds running processes on compromised computers, reads process memory, drops a keylogger and is able to move that information off of infected machines, said Marco Preuss, director of research for Kaspersky Lab in Europe. The malware is a PE32 executable compiled with Free Pascal 2.7.1 its 5 MB file includes the Tor executable, which the attackers use to move data and communication between infected POS terminals and servers, and the attackers.
0 Comments
Leave a Reply. |