Computer Emergency Response Team of Mauritius (CERT-MU)

Two New Point of Sale (PoS) Malware Discovered


Security researchers have discovered two new PoS malware families dubbed “Katrina” and “CenterPoS”. During the last few months there was a slight decrease in PoS malware detections, which security experts attributed to the threat reaching its saturation point. However, with the emergence of this new PoS malware, the threat to PoS systems is far from over.

Katrina is believed to be the latest version of the popular PoS malware Alina (detected as ALINA) and was first spotted in underground forums in June 2015. Upon closer observation, it was found that Katrina is just an incremental update to Alina. The analysis of the findings indicates that there are no new functionalities, with only minor modifications to the User-Agent and differences in the skipped processes.

The second malware, CenterPoS, is a new PoS malware found on the IP address where Katrina is hosted. CenterPoS uses a constant and distinctive User-Agent, making it easy to detect in network traffic: Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0. At first glance, CenterPoS bears a striking resemblance to GamaPoS since it is written in Microsoft .NET. After careful inspection, however, it was found that CenterPoS has more similarities with Alina, borrowing Alina’s file names and process exception list.
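The constant User-Agent described above lends itself to a simple proxy-log hunt. The following is an added example, not code from CERT-MU or the cited sources: it assumes proxy logs in the Apache/Squid "combined" format, and the function name, log lines and addresses are constructed for illustration. The string is matched byte-for-byte as a prefix, because the lookalike form with a space after "Mozilla/4.0" is the conventional browser layout and should not be flagged.

```python
import re
from collections import defaultdict

# User-Agent exactly as printed in the advisory. On the page it has no space
# after "Mozilla/4.0" and no closing parenthesis, so it is used as a literal
# prefix and is neither completed nor whitespace-normalised.
CENTERPOS_UA_PREFIX = "Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0"

# Assumption: "combined" log format, with the User-Agent as the last quoted
# field on each line.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample input (documentation address range, invented hosts).
SAMPLE_LOG = """\
10.0.5.21 - - [12/Aug/2015:09:14:02 +0400] "POST http://203.0.113.7/x HTTP/1.1" 200 12 "-" "Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)"
10.0.5.34 - - [12/Aug/2015:09:14:05 +0400] "GET http://intranet.example/ HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
10.0.5.21 - - [12/Aug/2015:09:19:02 +0400] "POST http://203.0.113.7/x HTTP/1.1" 200 12 "-" "Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)"
10.0.5.40 - - [12/Aug/2015:09:20:11 +0400] "GET http://www.example.com/ HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
proxy restarted at 09:15
"""


def find_centerpos_hosts(log_text):
    """Return {client_ip: [(timestamp, url), ...]} for requests with the UA."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # malformed or non-request line: skip rather than guess
        if m.group("ua").startswith(CENTERPOS_UA_PREFIX):
            hits[m.group("client")].append((m.group("ts"), m.group("url")))
    return dict(hits)


if __name__ == "__main__":
    for client, reqs in find_centerpos_hosts(SAMPLE_LOG).items():
        print(client, len(reqs), "request(s):", reqs)
```

A hit identifies the internal host to triage and the destination it contacted; a User-Agent match alone is a lead to investigate, not confirmation of infection.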
 
Source:
 
Trend Micro
 
SC Magazine
 
IT Security News
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis