Published on March 30th, 2016
Newest malware ‘Treasurehunt’ stealing Payment card data of Americans
Black hat hackers have developed a new malware, 'Treasurehunt', which enumerates the running processes on a point-of-sale machine and extracts payment card data from their memory. After extracting the card data, Treasurehunt forwards it to a command and control (CnC) server. Once the victim's data has been stolen, the hackers sell the extracted details on black markets.
There have been many malware families similar to Treasurehunt, which black hat hackers label as point-of-sale (POS) malware in their underground forums. Last year security researchers found more than a dozen POS malware families.
"Target" was one of the many big corporations hit by these black hat hackers last year, and the breach forced the retail giant to upgrade its systems. But not every business can afford the new certified systems because of their sky-high cost, and this has given hackers a big opportunity: small businesses have now become the primary target of these criminals.
FireEye, a cyber security firm, was the first to discover this newest malware, which is targeting thousands of U.S. citizens across the country. Security researcher Nart Villeneuve wrote on FireEye's blog, "Criminals appear to be racing to infect POS systems in the United States before U.S. retailers complete this transition".
He further wrote that "In a typical scenario, Treasurehunt would be implanted on a POS system through the use of previously stolen credentials or through brute forcing common passwords that allow access to poorly secured POS systems."
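The entry vector quoted above, brute forcing of common passwords against poorly secured POS systems, leaves a trail in authentication logs that a defender can alert on. The following is an added example, not code from the article, from FireEye, or from any POS product: it parses a small set of constructed log lines (the `FAILED login user=... src=...` format is an assumption, not a real product's format), keeps a sliding window of failed logins per source address, raises an alert when a source crosses a failure threshold, and raises a second alert when a success follows such a burst, which is the event that most likely marks a compromised account.

```python
"""Detect password brute forcing against a POS host from authentication log lines.

Added example for illustration; the log format and all sample lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<YYYY-MM-DD HH:MM:SS> <FAILED|SUCCESS> login user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>FAILED|SUCCESS) login user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample lines (documentation IP ranges, no real hosts).
# 203.0.113.7 cycles through common account names and then succeeds;
# 192.0.2.10 and 198.51.100.5 are ordinary, low-volume activity.
SAMPLE_LOG = """\
2016-03-29 02:00:01 FAILED login user=admin src=203.0.113.7
2016-03-29 02:00:03 FAILED login user=admin src=203.0.113.7
2016-03-29 02:00:04 SUCCESS login user=clerk src=192.0.2.10
2016-03-29 02:00:05 FAILED login user=pos src=203.0.113.7
2016-03-29 02:00:08 FAILED login user=pos src=203.0.113.7
2016-03-29 02:00:09 FAILED login user=clerk src=198.51.100.5
2016-03-29 02:00:10 FAILED login user=administrator src=203.0.113.7
2016-03-29 02:00:12 FAILED login user=administrator src=203.0.113.7
2016-03-29 02:00:15 SUCCESS login user=administrator src=203.0.113.7
"""


def parse_line(line):
    """Return a dict with ts/result/user/src for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "result": m.group("result"),
        "user": m.group("user"),
        "src": m.group("src"),
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Return a list of alert tuples in the order they fire.

    ("brute_force", src, failures_in_window)   - first time a source reaches
                                                 `threshold` failures inside `window`
    ("success_after_burst", src, user)         - a successful login from a source
                                                 whose window still holds a burst
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failed logins
    alerted = set()                # sources already reported, to avoid repeats
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # ignore lines that do not match the assumed format
        q = failures[ev["src"]]
        # Drop failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "FAILED":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append(("brute_force", ev["src"], len(q)))
        else:
            # A success right after a burst is the high-priority signal.
            if len(q) >= threshold:
                alerts.append(("success_after_burst", ev["src"], ev["user"]))
            q.clear()  # the burst has resolved; start counting afresh
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed sample this reports the burst from `203.0.113.7` once it reaches five failures and then flags the `administrator` success that follows it; the two single events from the other addresses produce nothing. Tune `threshold` and `window` to the host's normal login rate, and treat the `success_after_burst` alert as the one that warrants an immediate look at the machine.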
These POS malware families, Treasurehunt included, are readily available on the dark web if you are willing to pay the right price. The tools offered for free on the dark web are often less effective than the purchased ones: they are mostly outdated or their source code has been disclosed, which makes them easier for security software to detect. On average, 60 million shoppers in the U.S. and Canada have been affected by payment system hacks in the past two years.