A new, sophisticated point-of-sale, or memory-scraping, malware called "Multigrain" was discovered on April 17, 2016 by the security company FireEye Inc. [1] [2] Multigrain belongs to the NewposThings malware family. It is similar to the NewposThings, FrameworkPOS and BernhardPOS malware, which were already known as notorious malware. [3] [4]
Multigrain uses the Luhn algorithm to validate credit and debit card details. [5] This POS malware then infects the computer and blocks Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) traffic which monitors the data exfiltration. [6] [7] It exfiltrates the scraped credit and debit card information via the Domain Name System (DNS). [8] [9] It then sends the collected payment card information to a command and control server. [10] [11]
Multigrain specifically targets Windows point-of-sale systems that have a multi.exe executable file. [12] [13] If Multigrain gets into a POS system that does not have multi.exe, it deletes itself without leaving any trace. [14] [15]
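
Since the scraped card data is exfiltrated via DNS, as described above, DNS query logs from POS hosts are a natural place to look for it. The following is an added example, not taken from the cited reports and not Multigrain's own code: it flags clients that send several distinct queries with long, high-entropy subdomain labels to one parent domain. The log format, domain names and thresholds are assumptions, and the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: "timestamp client qname" (not real traffic).
SAMPLE_LOG = """\
2016-04-20T10:00:01 10.0.5.21 www.example.com
2016-04-20T10:00:02 10.0.5.21 k5r2m7xq3wz8bn4tj6yv9ch1dl0fgpsa.ns.collector.example
2016-04-20T10:00:03 10.0.5.21 z9a4hq1xk7c3vw8ny2bt5me6rj0dgfpu.ns.collector.example
2016-04-20T10:00:04 10.0.5.21 t3w8yb6qn1kz5hx9a2mj7cv4re0dlgsf.ns.collector.example
2016-04-20T10:00:05 10.0.5.30 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cdn.example.net
2016-04-20T10:00:06 10.0.5.30 k5r2m7xq3wz8bn4tj6yv9ch1dl0fgpsa.t.example.org
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_encoded(label, min_len=30, min_entropy=3.5):
    """Long, near-random labels are typical of encoded payload chunks."""
    # Thresholds are assumed starting points; tune them against local traffic.
    return len(label) >= min_len and entropy(label) >= min_entropy

def detect_dns_exfil(log_text, min_queries=3):
    """Return {(client, parent_domain): count of distinct suspicious queries}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        # Assumption: the registered domain is the last two labels
        # (a production check would use the Public Suffix List).
        if any(looks_encoded(label) for label in labels[:-2]):
            hits[(client, ".".join(labels[-2:]))].add(qname)
    return {k: len(v) for k, v in hits.items() if len(v) >= min_queries}

if __name__ == "__main__":
    for (client, domain), n in detect_dns_exfil(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {n} suspicious queries")
```

The long but repetitive label and the single high-entropy query both stay below the reporting threshold, which shows why the check combines label length, entropy and query volume.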