A long-established Point-of-sale Malware TreasureHunter source code leaked online on Russian based underground forum.
Leaked source code including the malware’s graphical user interface builder and administrator panel.
This code will extremely helpful for cybercriminals to build their own Point-of-sale Malware and they can add their own future and controls.
TreasureHunter Malware initially discovered by SANS and it has been used as a mutex to evade detection and maintain its persistence.
Point-of-sale malware attack history impact has been extracted more than 100 million payment card by hackers that target around 2013,2014.
This availability of the source code will lead to developing another version of this malware by adding new function and attack vector will be increased rapidly.
This malware original developer belongs to Russia and he is very proficient in English mainly this malware appears to have been developed for the notorious underground shop dump seller “BearsInc,” who maintained a presence on various low-tier and mid-tier hacking and carding communities.
TreasureHunter Malware Spawn many of other point-of-sale malware Functionality and it can maintain its persistence by creating a registry key that runs the malware at startup.
According to flashpoint, If an attacker has access to a Windows-based server and the point-of-sale terminal then it can able to enumerates running processes and scans device memory looking for track data, including primary account numbers (PANs), separators, service codes etc.
Later it connects to its command & control server and sends the stolen data to the attacker.
This source project internally called as trhutt34C and it was completely written in C but no C++ future has been added and compiled originally in Visual Studio 2013 on Windows XP.TreasureHunter
TreasureHunter Developers are keep increase the various advanced techniques such as including anti-debugging, code structure improvement, and gate communication logic.
TreasureHunter Malware using some of the key element to utilize the e stolen dump, such as unique machine information
typedef struct dumpsHolder {
TCHAR *lpFileName;
int lpFileNameLength;
int procID;
char *trackArr;
int trackArrLength;
} dumpsHolder;
It also using service codes to n scraping credit card track data also it modifying the Registry to perform auto start Process.
TreasureHunter Malware developer also provides a lot of hints to redesign the malware or improvement code snippets.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…