Fresh GamaPoS Malicious Program Disseminated through Andromeda Botnet

According to Trend Micro the security company, cyber-crooks are hunting PoS (point-of-sale) computers for contaminating with their fresh GamaPoS malware, which digs into computer memory, and is being disseminated via Andromeda a massive sized army of bots with an existence from 2011.

Since long, attackers have been practicing contamination of PoS devices via guessing alternatively, seizing credentials that help gain access remotely. In continuation of that, a large numbers of PoS hacks during past few years have led several companies towards adopting security measures for their processes of remote accession. Consequently, cyber-crooks don't find this attack medium lucrative enough.

This perhaps is the reason why the gang perpetrating GamaPoS is doing it by a separate tactic. Rather than directly attack point-of-sale devices through the Internet the perpetrators are reaching them through the trustworthy inside PC-networks of organizations.

The assaults begin with spam mails carrying the malware and posing as containing documents, which comply with the Payment Card Industry Data Security Standard (PCI DSS), else software updates essential for safeguarding computers from the lately unearthed malicious program MalumPs. There are malevolent macros inside the attachments which plant backdoor for delivering the GamaPoS.

Trend Micro states that the above description implies that the assault executes one spam run for spreading Andromeda backdoors, contaminates PCs with malicious PoS program, followed with expecting seizure of target PoS devices from among massive volumes. As per approximate computations, GamaPoS may've just struck 3.8% of the systems impacted with Andromeda, the security company adds. Securityaffairs.com published this, July 17, 2015.

Trend Micro's researchers further found that the miscreants employed the backdoor for taking down programs with which other computers of the impacted PC-networks could be hacked followed with making lateral movements thereafter.

The malware reportedly contaminated computers within various industries such as consumer electronics, online retail and home healthcare. Several organizations in USA and a few in Canada's Vancouver province too may've been impacted.

Enterprises, which utilize payment cards like Maestro and Discovery are endangered with losing the sensitive information of their customers, caution the researchers, while recommend deployment of proper spam filters which scan attachments for malware.

» SPAMfighter News - 7/27/2015