MultigrainMalware

A new sophisticated point-of-sale or memory-scraping malware called “Multigrain” was discovered on April 17, 2016 by the FireEye Inc. security company.[1][2] Multigrain malware comes under the family of NewposThings Malware. This malware is similar to the NewposThings, FrameworkPOS and BernhardPOS malware which were known previously as notorious malware.[3][4]

Process of Multigrain malware

Multigrain uses the Luhn algorithm to validate the credit and debit card details.[5] This POS malware then infects the computer and blocks Hypertext Transfer Protocol (http) and file transfer protocol (ftp) traffic which monitors the data exfiltration.[6][7] It exfiltrates the scraped information of credit and debit card via Domain Name Server (DNS).[8][9] Then it sends the collected payment card information to a 'command and control server' server.[10][11]

Targets one POS platform

Multigrain targets specifically the Windows point of sale system, which has a multi.exe executable file.[12][13] If Multigrain gets into a POS system that does not have multi.exe then it deletes itself without leaving any trace.[14][15]

gollark: That is *weirdly* low-resolution.
gollark: <@509849474647064576> Deal with this.
gollark: You have a "Victus by HP Laptop"?!
gollark: Your sysadmin probably knows the details of *your* infrastructure and code specifically.
gollark: At osmarks.net, we use *highly* stable Arch Linux.

See also

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.