Microsoft Patches Windows Zero-Day Leveraged in PoS Attacks

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Microsoft patched a zero-day vulnerability in the Windows operating system that was used in real-world attacks to escalate user privileges and help crooks deliver malware to PoS (Point of Sale) systems.

Security firm FireEye says the criminal group behind this campaign targeted more than 100 North American businesses, mainly in the retail, hospitality and restaurant industries.

The group created its own brand of malware

The company also reveals the presence of two never seen before malware families, PUNCHBUGGY and PUNCHTRACK, used only by this threat group.

PUNCHBUGGY is a simple DLL file, but modified to allow crooks to request and download files from a remote server via HTTPS. PUNCTRACK is a classic PoS malware that can scrape the memory of PoS systems for Track 1 or Track 2 card data.

FireEye says that on March 8, they saw a new exploit against the Windows platform employed in this group's campaign.
Microsoft Patches Windows Zero-Day Leveraged in PoS Attacks
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top