Monday, April 28, 2025
HomeComputer SecurityPowerful Point-of-Sale Malware "TreasureHunter " Source Code Leaked Online

Powerful Point-of-Sale Malware “TreasureHunter ” Source Code Leaked Online

Published on

SIEM as a Service

Follow Us on Google News

A  long-established Point-of-sale Malware TreasureHunter source code leaked online on Russian based underground forum.

Leaked source code including the malware’s graphical user interface builder and administrator panel.

This code will extremely helpful for cybercriminals to build their own Point-of-sale Malware and they can add their own future and controls.

- Advertisement - Google News

TreasureHunter Malware initially discovered by SANS and it has been used as a mutex to evade detection and maintain its persistence.

Point-of-sale malware attack history impact has been extracted more than 100 million payment card by hackers that target around 2013,2014.

This availability of the source code will lead to developing another version of this malware by adding new function and attack vector will be increased rapidly.

This malware original developer belongs to Russia and he is very proficient in English mainly this malware appears to have been developed for the notorious underground shop dump seller “BearsInc,” who maintained a presence on various low-tier and mid-tier hacking and carding communities.

Malware Behaviour and Source Code Insights

TreasureHunter Malware Spawn many of other point-of-sale malware Functionality and it can maintain its persistence by creating a registry key that runs the malware at startup.

According to flashpoint, If an attacker has access to a Windows-based server and the point-of-sale terminal then it can able to enumerates running processes and scans device memory looking for track data, including primary account numbers (PANs), separators, service codes etc.

Later it connects to its command & control server and sends the stolen data to the attacker.

Source code of Point-of-Sale Malware

This source project internally called as trhutt34C and it was completely written in C but no  C++ future has been added and compiled originally in  Visual Studio 2013 on Windows XP.TreasureHunter

TreasureHunter source code

TreasureHunter Developers are keep increase the various advanced techniques such as including anti-debugging, code structure improvement, and gate communication logic.

TreasureHunter Malware using some of the key element to utilize the e stolen dump, such as unique machine information

typedef struct dumpsHolder {
TCHAR *lpFileName;
int lpFileNameLength;
int procID;
char *trackArr;
int trackArrLength;
} dumpsHolder;

It also using service codes to n scraping credit card track data also it modifying the Registry to perform auto start Process.

TreasureHunter Malware developer also provides a lot of hints to redesign the malware or improvement code snippets.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution

A severe vulnerability (CVE-2025-23016) in the FastCGI library-a core component of lightweight web server...

Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code

A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including...

Obfuscation Techniques: A Key Weapon in the Ongoing War Between Hackers and Defenders

Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code...

React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values

The widely used React Router library, a critical navigation tool for React applications, has...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices

Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices,...

Millions of RSA Keys Exposed, Revealing Serious Exploitable Flaws

A recent study has highlighted a significant vulnerability in RSA keys used across the...

Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs

In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT)...