Security researchers have discovered two new PoS malware families dubbed “Katrina” and “CenterPoS”. During the last few months there was a slight decrease in PoS malware detections, which security experts attributed to the threat reaching its saturation point. However, with the emergence of this new PoS malware, the threat to PoS systems is far from over.

Katrina is believed to be the latest version of the popular PoS malware Alina (detected as ALINA) and was first spotted in underground forums in June 2015. Upon closer observation, it was found that Katrina is just an incremental update to Alina. Analysis of the findings indicates that there are no new functionalities, with only minor modifications to the User-Agent and differences in the skipped processes.

The second malware, CenterPoS, is a new PoS malware found on the IP address where Katrina is hosted. CenterPoS uses a constant and distinctive User-Agent, making it easy to detect in network traffic: Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0. At first glance, CenterPoS bears a striking resemblance to GamaPoS since it is written in Microsoft .NET. After careful inspection, however, it was found that CenterPoS had more similarities with Alina, borrowing from Alina’s file names and process exception list.
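
The constant User-Agent described above can be hunted for in web-proxy logs. The following is an added example, not part of the original advisory: the Combined Log Format input, the function name find_centerpos_clients and the sample log lines are assumptions made for illustration, and the User-Agent is matched as a prefix because the string as printed here has no closing parenthesis.

```python
import re
from collections import defaultdict

# User-Agent exactly as printed in the advisory text. It is matched as a
# prefix (assumption) because the printed string has no closing parenthesis.
CENTERPOS_UA_PREFIX = "Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0"

# Combined Log Format: client ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$'
)

def find_centerpos_clients(lines):
    """Group log lines carrying the CenterPoS User-Agent by client address."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None,
                                "last_seen": None, "requests": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        # Exact, case- and whitespace-sensitive comparison: a User-Agent that
        # differs by a single space is a different string and is not flagged.
        if not m["ua"].startswith(CENTERPOS_UA_PREFIX):
            continue
        h = hits[m["client"]]
        h["count"] += 1
        h["first_seen"] = h["first_seen"] or m["ts"]
        h["last_seen"] = m["ts"]
        h["requests"].append(m["req"])
    return dict(hits)

# Constructed sample proxy log (addresses, hosts, paths and times are made up).
SAMPLE_LOG = [
    '10.20.0.15 - - [01/Aug/2015:10:00:01 +0000] "POST http://host.example/upload HTTP/1.1" 200 12 "-" "Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)"',
    '10.20.0.15 - - [01/Aug/2015:10:05:01 +0000] "POST http://host.example/upload HTTP/1.1" 200 12 "-" "Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)"',
    '10.20.0.22 - - [01/Aug/2015:10:06:30 +0000] "GET http://intranet.example/ HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"',
    '10.20.0.31 - - [01/Aug/2015:10:07:00 +0000] "GET http://news.example/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for client, info in find_centerpos_clients(SAMPLE_LOG).items():
        print(client, info["count"], info["first_seen"], info["last_seen"])
```

Because the indicator is a static string, it only identifies samples that keep this User-Agent; hosts flagged this way still need endpoint triage to confirm infection.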
IT Security News
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street