Kasidet POS RAM Scraper Malware

Kasidet POS Malware is a variant of Point of Sale (POS) Malware that performs DDoS attacks using Namecoin's Dot-Bit service to scrape payment card details. ^{[1] [2]} It is also known as Trojan.MWZLesson or Neutrino and was found in September 2015 by cyber security experts. ^{[3] [4]} It is a combination of BackDoor.Neutrino.50 and the POS malware. ^[5]

Operation

Kasidet POS Worm gets on a system along with the other malware or gets downloaded unknowingly when user visits malicious websites. ^{[6] [7]} This malware is different from other POS malware and it scrapes data with advanced features. ^[8] First it scrapes the POS RAM and steals payment card details. Then the scraped information is sent to the cyber criminal with intercepted GET and POST requests from the browser. ^[9] It's very difficult to detect this bot by using security programs; sometimes it's detectable in email spam campaigns and exploit kits. ^[10] The scraping capability of Kasidet has now been enhanced by the cyber criminals and it now hides C&C server in the Namecoin DNS Service Dot-Bit.

Incidents

• The US Government blamed Russian hackers for malicious Kasidet POS malware found in Democratic National Committee computers and a Burlington Electric Company laptop. ^{[11] [12] [13]} In the former case, the software was allegedly used to interfere in the 2016 election.
• Zscaler has reported that MS Office documents distributed in phishing emails contain macros that install Kasidet POS malware into user machines. ^{[7] [14]} The malware is believed to originate in Russia. ^[14]

See also

• Cyber electronic warfare
• Cyber security standards
• Cyber warfare
• List of cyber attack threat trends
• Proactive Cyber Defence
• Point-of-sale malware
• Point of sale

References

1. "What is Kasidet Malware?". Microsoft . Retrieved 2016-06-09.
2. "Kasidet uses Namecoin's Dot-Bit service to hide C&C servers". 4 August 2016. Retrieved 2016-08-04.
3. "Kasidet POS RAM Scraper Bot" . Retrieved 2016-08-23.
4. "Major Botnet Malware" . Retrieved 2015-12-03.
5. "Backdoor Neutrino Malware". 2 February 2016. Retrieved 2016-02-02.
6. "Kasidet Neutrino Malware Operation" . Retrieved 2015-09-24.
7. "Malicious Office Files Dropping Kasidet And Dridex" . Retrieved 2016-01-29.
8. "ATTACKERS DROPPING KASIDET BOT with Advanced Features". February 2016. Retrieved 2016-06-09.
9. "C&C Servers Add Third 'C' With New Concealment Tools" . Retrieved 2016-08-08.
10. "Kasidet DDOSing Bot Adds Credit Card Scraping Capabilities". 25 September 2015. Retrieved 2015-09-25.
11. "Vermont utility finds alleged Russian malware on computer". 31 December 2016. Retrieved 2017-01-01.
12. "RUSSIANS PENETRATED BURLINGTON ELECTRIC DEPARTMENT COMPUTER". 30 December 2016. Retrieved 2016-12-30.
13. "The Russians are Hacking Burlington_Electric_Department laptop". Archived from the original on 2017-01-06. Retrieved 2016-12-30.
14. "MS Office files delivering malware". February 2016. Retrieved 2016-02-01.