Tuesday, January 14, 2025
HomeCyber Security NewsUpgraded TrickBot Malware Attack Point-of-Sale Machines & Services to Steal Credit/Debit card...

Upgraded TrickBot Malware Attack Point-of-Sale Machines & Services to Steal Credit/Debit card Data

Published on

Trickbot, a Banking Trojan that involved various cyber attacks especially target the banking networks, now distributing to target the POS services and machines to steal credit cards and ATM cards bank related sensitive data.

Recently TrickBot’s malicious activities on various browsers and apps such as  Microsoft Outlook, Chrome, Firefox, IE, Edge to Steal Password & Other Sensitive Data.

Also, malware authors keeps added new futures including powerful code injection technique to evade the detection, anti-analysis technique and disable the security tools that run in the target victims computer.

Currently identified the version of Trickbot scanning for indicators of the network that provide POS related services.

A new POS infection module, psfin32 is similar to network domain harvesting module that it was used in previous attacks.

Researchers discovered POS-related terms in the module and it uses LDAP queries to access Active Directory Services (ADS) to Identifying the POS services in a network.

LDAP queries & TrickBot Infection Process

LDAP queries mainly used for searching machines that containing the Following substrings related to POS in the Global Catalog.

*POS* *LANE* *BOH* *TERM**REG* *STORE* *ALOHA* *CASH* *RETAIL* *MICROS*

It using the different LDAP queries to search the substrings and if the query does not resolve any of the requested information, it also performs other queries for different accounts or objects .

Once the Trickbot obtain the information from the target then it stored the data in pre configured file and share it into C&C server ia POST connection.

if suppose C&C server not reachable then it prompt “Dpost servers unavailable,” else it respond as  “Report successfully sent.”

According to Trend Micro Research, “Considering the module’s timing for deployment, the threat actors may be leveraging the holidays to gather information and distribution, especially after a similar entry by Brad Duncan published in ISC talked about a malspam campaign involving TrickBot macros targeting the United States.”

In this case, users and businesses are warned against opening suspicious emails, files and attachments to prevent such attacks in the future.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can check the Vulnerability Management Analysis to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...