POS terminal malware is constantly evolving

POS terminal malware (such as the latest POSeidon malware) is constantly evolving to avoid being detected. How should companies cope?

Malware for POS terminals is still an area of active development for criminal gangs, which rely on leaked credit card data to make money and never seem to be satisfied. However, as data breaches are detected and problems are resolved, credit card companies and banks quickly issue new cards to consumers whose card information has leaked, which is good for consumers and bad for attackers.

To keep up with the speed at which banks replace affected credit cards and with the detection capabilities of enterprise anti-malware defenses, POS terminal malware writers need to keep updating their malware, including adopting new strategies to attack systems and taking measures to avoid being detected.

This cat-and-mouse game will continue unless there is a fundamental change in how payments are processed. In this article, let's explore how the latest PoSeidon POS terminal malware works and how security teams should deal with it.

PoSeidon POS terminal malware

PoSeidon is new malware for POS systems that uses RAM scraping to obtain credit card numbers, just like Zeus and BlackPOS, except that PoSeidon also includes a keylogger to capture passwords and other advanced features.

When this multi-stage attack infects the local system, it downloads executable files from a hard-coded command-and-control server to maintain persistence and to encode target data (credit card numbers and passwords) for transmission to the exfiltration server. After the malware is executed, it sets itself up as a service that starts automatically so that it survives a system restart, and it also deletes files to reduce the chances of being discovered.

Cisco Talos researchers pointed out that many of the hard-coded IP addresses and domain names in this attack are Russian. Although the use of Russian domain names, IP addresses registered to Russian ISPs or IP geolocation in Russia does not necessarily mean that the attack was initiated by a criminal gang in Russia, Eastern Europe or China, detecting these indicators can help companies identify this activity and conduct further investigations.

The current infection vector has not been clearly identified, but the Talos researchers believe it may be the keylogger used in the malware. Without knowing how the malware enters the POS system, it is hard to identify which security controls failed. In addition, no vulnerabilities or exploits were found in the malware, so the infection vector may be simple and effective, such as plugging a USB drive into a POS terminal to run the malware automatically.

How to protect against PoSeidon malware

According to the PCI Data Security Standard (PCI DSS), most security controls against PoSeidon malware should be deployed in the POS environment. For example, the first requirement is to install and maintain a firewall configuration to protect cardholder data. Specifically, requirement 1.1.4 calls for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone. This should prevent access to unapproved external destinations and block the malware from downloading executables. In addition, PCI DSS 10.6 requires reviewing logs and security events for all system components to detect anomalous or suspicious activity. Such reviews should surface the suspicious network connections, and investigating them should uncover the malware and possibly limit the amount of data affected.

In addition, the security recommendations for mitigating RAM-scraping malware apply equally: anti-malware technology can help block malicious access, especially anti-malware technology that monitors memory access. At the same time, whitelisting tools can block malware from executing on endpoints, and restricting inbound and outbound network access can block PoSeidon malware.

If strict IP network controls are in place at an enterprise infected with PoSeidon, it is harder for the malware author to exfiltrate collected data, download additional malware components, and connect to the command-and-control infrastructure. The attacker then has to work out how to exfiltrate data on each network, which can lead to more mistakes and to detection. To identify potentially infected terminals for further investigation, companies can also monitor DNS traffic. Talos has published several indicators of compromise for detecting the malware, which companies can load into network or endpoint security tools. The most important indicator is an outbound connection from a POS system to any of the following URLs, which are unlikely to cause false positives:

• wondertechmy[.]com/pes/viewtopic.php

• wondertechmy[.]ru/pes/viewtopic.php

• wondwondnew[.]ru/pes/viewtopic.php

Any POS system that sends data to any of the above URLs must be investigated as a security incident.

For many organizations, appropriate security controls should be deployed to support PCI compliance. Small and medium-sized businesses may rely on service providers to supply their POS systems and believe that the service provider is responsible for maintaining POS security, but this is only an assumption; SMEs should make sure the service provider's security responsibilities are formally stated in their service contracts.

The various requirements of PCI compliance may provide more targets for attackers who have long bypassed the EMV standard. PoSeidon is just one more of the many pieces of malware used in POS attacks. Only when the enterprise deploys PCI Data Security Standard controls across the entire system can these types of malware be blocked.
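One way to apply these indicators to proxy and DNS logs from the POS network, as an added example that is not from Talos or the original article. The event layout (`src`, `url`, `qname`), the sample addresses and the three match labels are assumptions; the indicators are the ones listed above.

```python
from urllib.parse import urlsplit

# Indicators exactly as listed on this page (defanged); refanged only in memory.
IOC_URLS = [
    "wondertechmy[.]com/pes/viewtopic.php",
    "wondertechmy[.]ru/pes/viewtopic.php",
    "wondwondnew[.]ru/pes/viewtopic.php",
]

def refang(text):
    return text.replace("[.]", ".")

def norm_host(host):
    return host.strip().rstrip(".").lower()  # DNS logs carry a trailing root dot

# Map each indicator domain to its indicator path.
IOCS = {norm_host(h): "/" + p
        for h, _, p in (refang(u).partition("/") for u in IOC_URLS)}

def match_host(host):
    """Return the indicator domain that host equals or is a subdomain of."""
    host = norm_host(host)
    return next((d for d in IOCS if host == d or host.endswith("." + d)), None)

def classify(event):
    """event: {'src', 'url'} from a proxy log or {'src', 'qname'} from a DNS log."""
    if "url" in event:
        url = event["url"] if "://" in event["url"] else "http://" + event["url"]
        parts = urlsplit(url)
        domain = match_host(parts.hostname or "")
        if domain is None:
            return None
        # Full URL match is the strongest signal; domain-only still needs triage.
        kind = "url-match" if parts.path.lower() == IOCS[domain] else "domain-match"
        return (kind, event["src"], domain)
    domain = match_host(event.get("qname", ""))
    return ("dns-match", event["src"], domain) if domain else None

def scan(events):
    return [hit for hit in map(classify, events) if hit]

# Constructed sample events; the 10.20.0.x POS addresses are made up.
SAMPLE = [
    {"src": "10.20.0.11", "url": "http://" + refang(IOC_URLS[0]).upper()},
    {"src": "10.20.0.12", "qname": refang("wondwondnew[.]ru.")},
    {"src": "10.20.0.13", "url": "https://payments.example.com/auth"},
    {"src": "10.20.0.14", "url": "http://not" + refang(IOC_URLS[0])},
    {"src": "10.20.0.15", "url": refang("wondertechmy[.]ru/index.html")},
]
```

Calling `scan(SAMPLE)` flags the first, second and fifth events; the look-alike host in the fourth event is not matched because the comparison is on whole DNS labels rather than substrings.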
