Request A Demo
  • Blog Post

Method: TreasureHunter Point-of-Sale Malware source code leak may spawn new variants

The TreasureHunter Point-of-sale (PoS) malware has appeared to have made a return to the spotlight.  A top-tier Russian-speaking forum reportedly leaked the malware’s source code, GUI and admin panel in March 2018.  

A 2016 investigation by FireEye was able to provide a detailed analysis of the malware, which was first deployed in late 2014. Not overly complex, the malware was reported to gain access to poorly secured PoS systems via the use of stolen credentials. In brief, once the malware was installed, persistence was created through a registry ‘run’ key. This key would then run the malware at startup and would scan the device memory, going after primary account numbers, separators and service codes, among others. The harvested data was then sent to a CnC server through HTTP POST requests.

According to Flashpoint, the malware originally had a limited reach and was linked to the underground dump seller “BearsInc”. The reasons for the source code to be released in the open remain unknown, one of the possible consequences would be the spawning of PoS threats against hospitality and retail businesses. Flashpoint warns that based on previous code leaks such as the Zeus banking Trojan or the Alina malware, the leak could result in increased activity by cybercriminals exploiting the information to build their own new variant of the malicious software. As a matter of fact, underground conversations appear to be ongoing on how to improve and weaponize the leaked TreasureHunter source code. On the other hand, the code leak will provide security professionals with invaluable insight into the malware’s operations.

Proficio Threat Intelligence Recommendations:

  • Consider utilizing data loss prevention [DLP] solutions, designed to protect highly sensitive information
  • Consider employing end-to-end encryption starting from the point-of-swipe, which allows to encrypt the customers’ data throughout the whole payment process
  • Consider testing the devices and their implementation procedures, especially if put in place by third parties
  • Consider monitoring for unusual activity on the actual PoS machines

General Info – Click Here

Recent Blog Posts

Stay Ahead of Evolving Threats

Signup for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

REQUEST A DEMO

Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

North America

+1.800.779.5042
info@proficio.com

APAC

+65.6996.9185

EMEA

+34.937.370.358

Services

ProSOC MDR
Risk Based Vulnerability Management
Cyber Exposure Monitoring
Active Defense Response
View All Services

Partners

Partner Login
Channel Partners
Technology Partners
MSP Partners
Become A Partner

Stay Ahead of Evolving Threats

Signup for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team


By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

Solutions

24/7 Security Operations
Accelerate Your SIEM Deployment
Identify Targeted Attacks
Mitigate Threats to Prevent Breaches
Improve MTTD & Reduce False Positives
Protect Your Identities
Protect Your Endpoints

 

Protect Your Cloud 
Protect Your Network
Meet Cyber Insurance Requirements
Enhance Reporting & Business Intelligence
Compliance Assurance

Resources

Resource Center
Guides
Case Studies
Reports 
Datasheets
Videos
Webinars
White Paper

Company

About Us
Leadership
Awards
Blog
Press Releases
News
Events
Careers
Contact Us

© 2024 Proficio. All Rights Reserved. Privacy Notice & Cookie Policy | Terms of Use