Malware is always our worst enemy, and point-of-sale (PoS) malware is one of the most painful kinds. Several other malware families of the same kind steal personal credentials from payment systems such as banking and credit cards. Recently, the source code of a PoS malware named “TreasureHunter” was published on the internet. Although the reason for its publication is not certain, the source code has been verified by security researchers from Flashpoint.
However, we still cannot rest assured. In fact, the worst may be yet to come: there could be a flood of new PoS malware.
Valid source code
According to the security researchers at Flashpoint, the source code is valid. They confirmed that the code is consistent with the malware samples seen in the last few years.
The code was released on a Russian cybercrime forum in March 2018.
New threats incoming
Now that the source code is open, other cybercriminals will take the opportunity to enhance it further and release new variants of the malware. This new wave is the most concerning part of all this. The same thing happened when the source code of other malware went public, such as BankBot (Android banking Trojan), Tsunami (Linux/IoT DDoS botnet), Mirai (Linux/IoT DDoS botnet) and Zeus (Windows banking Trojan).
It is not clear why the source code of TreasureHunter was released publicly, but experts assume that the culprit(s) behind TreasureHunter are working on a different malware strain and decided to dump their older work. In fact, TreasureHunter itself is a fairly old malware, dating back to 2014, when it was first identified in the wild.
How TreasureHunter works
Once TreasureHunter infected a Windows machine, it injected a DLL to persist across reboots. It then scanned for processes belonging to PoS applications, extracted information such as payment card details from the system's memory and finally sent the data to a remote server.
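Each of the three stages just described (persistence, reading PoS process memory, sending data out) shows up in telemetry that defenders already collect on Windows endpoints. The following Python is an added example, not code from the article or from Flashpoint, that correlates constructed Sysmon-style event records (process access, Run-key writes, outbound connections) and reports a process only when it shows two or more of the stages. The PoS process names, the trusted-reader and internal-network allowlists, and the sample events are all assumptions made up for the demo.

```python
"""Correlate endpoint telemetry for a TreasureHunter-style PoS infection chain.
All allowlists and sample events below are constructed for this example."""
import ipaddress
from collections import defaultdict

# Hypothetical allowlists; a real deployment derives these from its own inventory.
POS_PROCESSES = {"pos.exe", "retailpos.exe", "cardsvc.exe"}      # PoS application images
TRUSTED_READERS = {"c:\\program files\\edr\\agent.exe"}           # allowed to read PoS memory
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROCESS_VM_READ = 0x0010  # Win32 access right required to read another process's memory


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_external(ip):
    """True if the destination is outside the (assumed) internal address ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def indicators(ev):
    """Map one event to (process image, stage label), or None when it looks benign."""
    kind = ev["event"]
    if kind == "ProcessAccess":
        src = ev["source_image"].lower()
        if (basename(ev["target_image"]) in POS_PROCESSES
                and ev["granted_access"] & PROCESS_VM_READ
                and src not in TRUSTED_READERS):
            return src, "memory-read"
    elif kind == "RegistryValueSet":
        details = ev["details"].lower()
        if ("\\currentversion\\run" in ev["target_object"].lower()
                and any(p in details for p in USER_WRITABLE)):
            return ev["image"].lower(), "persistence"
    elif kind == "NetworkConnect":
        if is_external(ev["dest_ip"]):
            return ev["image"].lower(), "external-connect"
    return None


def correlate(events, min_stages=2):
    """Return {image: sorted stage labels} for processes showing >= min_stages distinct stages."""
    seen = defaultdict(set)
    for ev in events:
        hit = indicators(ev)
        if hit:
            seen[hit[0]].add(hit[1])
    return {img: sorted(stages) for img, stages in seen.items() if len(stages) >= min_stages}


# Constructed sample telemetry: one suspicious process plus benign noise.
SAMPLE_EVENTS = [
    {"event": "ProcessAccess", "source_image": "C:\\ProgramData\\svchost32.exe",
     "target_image": "C:\\POS\\pos.exe", "granted_access": 0x1010},
    {"event": "ProcessAccess", "source_image": "C:\\Program Files\\EDR\\agent.exe",
     "target_image": "C:\\POS\\pos.exe", "granted_access": 0x1410},
    {"event": "RegistryValueSet", "image": "C:\\ProgramData\\svchost32.exe",
     "target_object": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WinSvc",
     "details": "rundll32.exe C:\\ProgramData\\svchost32.dll,Init"},
    {"event": "NetworkConnect", "image": "C:\\ProgramData\\svchost32.exe",
     "dest_ip": "203.0.113.7", "dest_port": 443},
    {"event": "NetworkConnect", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "dest_ip": "203.0.113.9", "dest_port": 443},
    {"event": "NetworkConnect", "image": "C:\\POS\\pos.exe",
     "dest_ip": "10.1.2.3", "dest_port": 8443},
]

if __name__ == "__main__":
    for image, stages in correlate(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(stages)}")
```

Requiring two distinct stages before alerting is what keeps the browser's external connection and the EDR agent's memory reads out of the result; a single stage on its own is normal activity, whereas the combination of memory reads against a PoS process with persistence or egress from the same image is the pattern worth paging on.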
Now that the source code is open, it will also help security developers better understand the malware and prevent it and similar ones in the future. We will have to wait until TreasureHunter variants get into the wild and researchers take action to defend against them.