Cyber-criminals and fraudsters have started targeting employees working on Point-of-Sale terminals in order to get their hands on card details.
There is now evidence that social engineering and spear-phishing emails are actively being used and have become the next attack method against employees who have access to payment applications, virtual terminals and electronic cash registers.
The new malware is named NitlovePOS [Virus Total Detection Rate] and it targets track one and track two data by scanning running processes. In other words, it is yet another memory-scraping malware that sends the captured data to a remote server over SSL.
Researchers from the security firm FireEye came across a widespread spam campaign originating from spoofed Yahoo! Mail accounts regarding job enquiries that came with an attached resume (Curriculum Vitae) of the candidate.
The fake resumes were named CV_[4 numbers].doc or My_Resume_[4 numbers].doc and were found to contain macros waiting to be executed. Once the resume is opened, the macro attempts to download and install malware on the system. In order to trick the user into allowing the execution of the macro, the document claimed to be a “protected document.”
The emails had a number of different subjects, mostly to avoid being filtered by anti-spam engines:
- Subject: Any Jobs?
- Subject: Any openings?
- Subject: Internship
- Subject: Internship questions
- Subject: Internships?
- Subject: Job Posting
- Subject: Job questions
- Subject: My Resume
- Subject: Openings?
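
The attachment names and subject lines above can be turned into a mail-gateway triage check. The following is an added example, not code from FireEye or from this post; the quarantine policy, the `yahoo.<tld>` sender test, the helper names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators from the article: attachment naming pattern and subject lines.
ATTACHMENT_RE = re.compile(r"^(CV|My_Resume)_\d{4}\.doc$", re.IGNORECASE)
CAMPAIGN_SUBJECTS = {
    "any jobs?", "any openings?", "internship", "internship questions",
    "internships?", "job posting", "job questions", "my resume", "openings?",
}

def triage(raw_message: str) -> dict:
    """Report which campaign indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip().lower()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    hits = {
        "subject": subject in CAMPAIGN_SUBJECTS,
        "attachment": any(ATTACHMENT_RE.match(n) for n in names),
        # Assumption: a Yahoo sender address looks like user@yahoo.<tld>.
        "yahoo_sender": domain.startswith("yahoo."),
    }
    # Policy assumption: hold the message when the attachment name matches
    # and one more indicator corroborates it.
    hits["quarantine"] = hits["attachment"] and (hits["subject"] or hits["yahoo_sender"])
    return hits

def build_sample(sender: str, subject: str, filename: str) -> str:
    """Construct a test message with a placeholder attachment (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "hr@shop.example", subject
    m.set_content("Please find my resume attached.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    samples = [
        ("jane.doe@yahoo.com", "Any Jobs?", "CV_4821.doc"),
        ("bob@supplier.example", "My Resume", "My_Resume_0007.doc"),
        ("alice@yahoo.com", "Lunch on Friday", "menu.pdf"),
    ]
    for s in samples:
        print(s, triage(build_sample(*s)))
```

File names and subjects are easy for a sender to change, so these matches are triage hints for this campaign rather than a durable filter.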
Employees must understand why they must not use the host running the ECR for browsing the web, accessing social media, playing games or loading files through USB sticks.
Find more technical details about the NitlovePOS malware here