TreasureHunter PoS Malware Source Code Published!

Mel Khamlichi, Founder of Osradar (http://www.osradar.com), Amsterdam, Netherlands

Malware is always our worst enemy, and point-of-sale (PoS) malware is a particularly painful member of that family. Its relatives steal the credentials and card data of payment systems such as online banking and credit cards. Recently, the source code of a PoS malware named "TreasureHunter" was published on the internet. The reason for its release is not clear, but the source code has been verified by security researchers at Flashpoint.

That is no reason to rest easy, however. The outlook may well get worse: a flood of new PoS malware built on this code is a real possibility.

Valid source code

According to the security researchers at Flashpoint, the source code is genuine. They confirmed that it is consistent with the TreasureHunter samples seen in the wild over the last few years.

The code was released on a Russian-language cybercrime forum in March 2018.

New threats incoming

Now that the source code is public, other cybercriminals will take the opportunity to enhance it and release new variants. This new wave is the most concerning part of the story. The same thing happened when the source code of other malware went public, for example BankBot (Android banking Trojan), Tsunami (Linux/IoT DDoS bot), Mirai (Linux/IoT DDoS botnet) and Zeus (Windows banking Trojan).

It is not clear why the TreasureHunter source code was released, but experts assume that the people behind it are working on a different malware strain and decided to dump their older work. TreasureHunter itself is fairly old as malware goes, having first been identified in the wild in 2014.

TreasureHunter working system

Once TreasureHunter has infected a Windows machine, it injects a DLL to persist across reboots. It then scans the running processes for those belonging to PoS applications, scrapes payment card data (such as card numbers) from those processes' memory, and finally sends the data to a remote server. This "RAM scraping" works because card data is typically held in cleartext in the PoS application's memory for a moment during authorization, even when it is encrypted on disk and on the network.
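To make the memory-scraping step concrete, here is a small added example (written for this article, not TreasureHunter's code and not taken from the Flashpoint analysis). It scans a buffer of bytes for magnetic-stripe Track 2 data (a 13-19 digit PAN, "=", a YYMM expiry, then discretionary data) and keeps only candidates whose PAN passes the Luhn check. The input is a constructed, fake "process memory" dump; no real process is read. A defender can point the same logic at a real memory dump of a PoS host to check whether cleartext card data is exposed.

```python
"""
Added example: a minimal Track 2 / PAN scanner of the kind a PoS RAM scraper
runs over process memory. Uses a constructed byte buffer instead of a live
process so it runs offline. Not part of the original article.
"""
import re

# Track 2: PAN (13-19 digits), '=' separator, YYMM expiry, optional service
# code / discretionary data. The lookbehind avoids matching a tail of a
# longer digit run.
TRACK2_RE = re.compile(rb"(?<![0-9])([0-9]{13,19})=([0-9]{2})([0-9]{2})[0-9]{0,20}")

# Constructed fake memory image: a process name, one valid track, a
# 13-digit candidate that fails Luhn, a valid PAN with an impossible month,
# and a second valid track.
FAKE_MEMORY = (
    b"\x00\x00POSApp.exe\x00"
    + b";4111111111111111=25121011234567890?\x00"   # valid, Luhn passes
    + b"junk 1234567890123=2501 more junk\x00"       # Luhn fails
    + b"5555555555554444=23139999\x00"               # month 13: rejected
    + b"\x00" * 8
    + b"5555555555554444=2307201\x00"                # valid
)


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - 48
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN (first 6) and last 4, as a defender's report would."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes):
    """Return every Luhn-valid Track 2 hit in buf with its offset."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if not luhn_ok(pan):
            continue  # random digit runs almost never pass Luhn
        yy, mm = m.group(2).decode(), m.group(3).decode()
        if not 1 <= int(mm) <= 12:
            continue  # not a real expiry date
        hits.append({
            "offset": m.start(),
            "pan": pan,
            "masked": mask_pan(pan),
            "expiry": f"{mm}/{yy}",
        })
    return hits


if __name__ == "__main__":
    for h in scan_memory(FAKE_MEMORY):
        print(f"offset {h['offset']:#06x}: {h['masked']} exp {h['expiry']}")
```

The Luhn and month checks are what separate real card data from the noise that a plain digit regex produces; a scraper and a hunting tool need them for the same reason. A real scraper would additionally walk the target process's memory regions (on Windows, via VirtualQueryEx and ReadProcessMemory) rather than a static buffer.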

Now that the source code is open, it also helps defenders understand the malware better and build protections against it and similar families in the future. We will have to wait and see which TreasureHunter variants reach the wild and how researchers respond to them.
