
New point-of-sale malware Multigrain steals card data over DNS

Discussion in 'CSO' started by RSS, Apr 20, 2016.

  1. RSS


    Security researchers have found a new memory-scraping malware program that steals payment card data from point-of-sale (PoS) terminals and sends it back to attackers using the Domain Name System (DNS).

    Dubbed Multigrain, the threat is part of a family of malware programs known as NewPosThings, with which it shares some code. However, this variant was designed to target specific environments.


    That's because, unlike other PoS malware programs that look for card data in the memory of many processes, Multigrain targets a single process called multi.exe that's associated with a popular back-end card authorization and PoS server. If this process is not running on the compromised machine, the infection routine exits and the malware deletes itself.

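A defender-side illustration of the DNS channel described in the post above, added here as an example and not taken from the article or the researchers' report: it flags clients that send several distinct queries with long, high-entropy subdomain labels to one domain. The post does not describe how the data is encoded, so the assumption is that it rides in encoded subdomain labels; the log format, domains, labels and thresholds are all constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: "<client_ip> <qname>" per line. Not real traffic or real domains.
SAMPLE_LOG = """\
10.0.5.21 time.example.net
10.0.5.21 updates.posvendor.example
10.0.5.21 k7qz2mxw5bnrt3vhy6gcjd4p.ns1.collector.example
10.0.5.21 p4djcg6yhv3trnb5wxm2zq7k.ns1.collector.example
10.0.5.21 wq3e7ry2tu5io4pas6dfghjk.ns1.collector.example
10.0.5.30 aaaaaaaaaaaaaaaaaaaaaaaa.cdn.example
10.0.5.30 k7qz2mxw5bnrt3vhy6gcjd4p.tracking.example
10.0.5.30 www.example.org
"""

# Assumed thresholds; tune against a baseline of the terminal's normal DNS profile.
MIN_LABEL_LEN = 20   # ordinary hostnames rarely carry labels this long
MIN_ENTROPY = 3.5    # bits per character; encoded data scores high, padding scores low
MIN_DISTINCT = 3     # distinct suspicious names per (client, domain) before alerting

def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def registered_domain(qname):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def looks_encoded(label):
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY

def find_dns_exfil(log_text):
    """Return {(client, domain): [qnames]} for pairs that reach MIN_DISTINCT hits."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        # Only inspect subdomain labels, not the registered domain itself.
        if any(looks_encoded(label) for label in labels[:-2]):
            hits[(client, registered_domain(qname))].add(qname.lower())
    return {k: sorted(v) for k, v in hits.items() if len(v) >= MIN_DISTINCT}

if __name__ == "__main__":
    for (client, domain), names in find_dns_exfil(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {len(names)} encoded-looking queries")
```

A PoS terminal normally resolves a small, stable set of names, so an allowlist of expected domains per terminal is a stricter complement to this heuristic.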
