Computer Emergency Response Team of Mauritius (CERT-MU)

Angler Exploit Kit Used to Find and Infect PoS Systems


Security researchers have found an attack aimed at PoS systems that uses the Angler Exploit Kit to push a PoS reconnaissance Trojan. This Trojan, detected as TROJ_RECOLOAD.A, checks the infected system for multiple conditions, such as whether it is a PoS machine or part of a PoS network. It then downloads specific malware depending on the conditions met. The malware has also been found to use the fileless installation capability of the Angler Exploit Kit to avoid detection. The Angler Exploit Kit often uses malvertisements and compromised sites as the starting point for infection. For this specific incident, we found that the infection chain takes advantage of two Adobe Flash vulnerabilities (CVE-2015-0336 and CVE-2015-3104). After either vulnerability is exploited, the Trojan, detected as TROJ_RECOLOAD.A, finds its way to the system.

Sources: Trend Micro; Team Cymru

Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis