Names | JackPOS
Category | Malware
Type | POS malware, Reconnaissance, Backdoor, Credential stealer, Botnet
Description | (Trustwave) Overall, this malware is quite rudimentary. A number of bugs (some of which I've mentioned in this blog post) show a lack of sophistication and, possibly, a rush on the author's part. There are a number of artifacts that link this malware family to others we've seen. The blacklist of process names is extremely similar to the ones discovered in the Alina POS malware family. Additionally, the installation path very much reminds me of the early Dexter variants. It's certainly likely that because these malware families' code has been leaked online, the author used at least some of this code as a basis for JackPOS. While the malware technically has a command and control (C&C) component to it, overall it's quite limited and not nearly as robust as other examples seen in the past. I mentioned originally that I wanted to see if JackPOS brought something special to the table. I'm going to have to answer that question with a resounding 'no' in this particular case. However, while this family does not bring any innovative characteristics to the POS malware scene, as history has taught us, it should still very much be considered a real threat.
Information | <https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/jackpos-the-house-always-wins/> <https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf> <https://threatpost.com/points-of-sale-poorly-secured-facing-sophisticated-attacks/106027/>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.jackpos>
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:jackpos>
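The Trustwave write-up quoted above mentions a blacklist of process names, and the card classifies JackPOS as POS (RAM scraper) malware. As an added example, not code from the original page, from JackPOS, or from Trustwave, the block below shows the two mechanics such a scraper relies on: skipping a list of process names it will not bother reading, and scanning whatever memory it does read for Track 2 card data (PAN, `=` separator, YYMM expiry, service code) validated with a Luhn check. The skip list, the regex, the `SAMPLE_PROCESSES` buffers and all function names are constructed for illustration; the skip list in particular is not JackPOS's actual blacklist. The same logic is useful defensively, for checking what a process on a payment terminal exposes in cleartext.

```python
import re

# Illustrative skip list (constructed; NOT JackPOS's real blacklist): system
# processes a scraper would skip because they never handle card data.
SKIP_PROCESSES = {
    "system", "smss.exe", "csrss.exe", "wininit.exe", "services.exe",
    "lsass.exe", "svchost.exe", "winlogon.exe", "explorer.exe",
}

# Track 2 layout: PAN (13-19 digits), '=' separator, YYMM expiry, 3-digit
# service code, optional discretionary data, optional '?' end sentinel.
# The negative lookbehind stops a match starting in the middle of a digit run.
TRACK2_RE = re.compile(rb"(?<!\d)(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d*)\??")


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check; weeds out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_buffer(buf: bytes) -> list[dict]:
    """Return Luhn-valid Track 2 hits in one memory buffer (PAN masked)."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if not luhn_ok(pan):
            continue
        hits.append({
            "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
            "expiry": f"{m.group(3).decode()}/{m.group(2).decode()}",  # MM/YY
            "service_code": m.group(4).decode(),
            "offset": m.start(),
        })
    return hits


def scan_processes(procs: dict[str, bytes]) -> dict[str, list[dict]]:
    """Apply the skip list, then scan each remaining process image."""
    results = {}
    for name, mem in procs.items():
        if name.lower() in SKIP_PROCESSES:
            continue
        hits = scan_buffer(mem)
        if hits:
            results[name] = hits
    return results


# Constructed stand-in for process memory dumps (no live process is read).
SAMPLE_PROCESSES = {
    # Skipped by name even though it holds a valid track: the scraper's
    # blacklist is about cost, not about where data actually lives.
    "svchost.exe": b";4111111111111111=25121011234567890123?",
    "pos.exe": (
        b"\x00\x00"
        + b";4111111111111111=25121011234567890123?"   # valid Track 2
        + b"\xff"
        + b"4111111111111112=2512101?"                 # fails Luhn, dropped
        + b"1234567890123456 no separator"             # no '=', never matches
    ),
}

if __name__ == "__main__":
    for proc, hits in scan_processes(SAMPLE_PROCESSES).items():
        for h in hits:
            print(f"{proc}: {h['pan_masked']} exp {h['expiry']} "
                  f"svc {h['service_code']} @ offset {h['offset']}")
```

Running it reports a single hit in `pos.exe` and nothing from `svchost.exe`, which illustrates why the process-name blacklist Trustwave compares to Alina's matters to an analyst: it tells you which processes the scraper never looked at, not which ones were safe.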
Last change to this tool card: 25 May 2020
Groups using this malware:

Changed | Name | Country | Observed
Unknown groups
 | _[ Interesting malware not linked to an actor yet ]_ | |

1 group listed (0 APT, 0 other, 1 unknown)