MultigrainMalware

A new sophisticated point-of-sale or memory-scraping malware called “Multigrain” was discovered on April 17, 2016 by the FireEye Inc. security company.[1][2] Multigrain malware comes under the family of NewposThings Malware. This malware is similar to the NewposThings, FrameworkPOS and BernhardPOS malware which were known previously as notorious malware.[3][4]

Process of Multigrain malware

Multigrain uses the Luhn algorithm to validate the credit and debit card details.[5] This POS malware then infects the computer and blocks Hypertext Transfer Protocol (http) and file transfer protocol (ftp) traffic which monitors the data exfiltration.[6][7] It exfiltrates the scraped information of credit and debit card via Domain Name Server (DNS).[8][9] Then it sends the collected payment card information to a 'command and control server' server.[10][11]

Targets one POS platform

Multigrain targets specifically the Windows point of sale system, which has a multi.exe executable file.[12][13] If Multigrain gets into a POS system that does not have multi.exe then it deletes itself without leaving any trace.[14][15]

See also

References

  1. "MULTIGRAIN – POINT OF SALE ATTACKERS MAKE AN UNHEALTHY ADDITION TO THE PANTRY"
  2. "Point of Sales (POS) Evolution to DNS Exfiltration"
  3. "Multigrain" PoS Malware Exfiltrates Card Data Over DNS"
  4. "Multigrain PoS malware exfiltrates stolen card data over DNS"
  5. "New Multigrain Malware Eats Memory, Steals POS Data"
  6. "Wheat a moment: Multigrain malware uses DNS to steal POS data "
  7. "PoS Malware Steals Credit Card Numbers via DNS Requests "
  8. "New point-of-sale malware Multigrain steals card data over DNS "
  9. "DNS and Stolen Credit Card Numbers"
  10. "PoS Malware ‘Multigrain’ Steals Credit Card Details via DNS"
  11. "New PoS Malware Extracts Payment Card Data Over DNS"
  12. "NewPosThings back as Multigrain, says Fireeye"
  13. "MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry"
  14. "Multigrain Malware Targets Multi.Exe Process, Steals and Exfiltrates Data, Pretending as DNS Queries"
  15. "'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data"
This article is issued from Wikipedia - version of the 10/1/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.