Recently, Trend Micro reported on a new variant of BlackPOS malware that added the ability to appear as if it were an anti-virus product, as well as more sophisticated methods for scraping credit card numbers from memory.
Brian Krebs is now reporting that this variant appears to have been the point-of-sale malware of choice for the group that compromised Home Depot.
In both the Target and Home Depot breaches, the same malware family was used and the stolen credit card numbers were sold through the same underground carding site, Rescator[dot]cc, leading Krebs to believe it might be the same group.
Details of the Home Depot breach are still being investigated; however, it is assumed that all stores were affected and were compromised for several months. The breach came after the U.S. government issued an advisory for another point-of-sale malware discovered in the wild called ‘BackOff,’ leading many to assume it was the malware used in the Home Depot breach.
File Details (courtesy of Malwr)
| Property | Value |
|---|---|
| FILE SIZE | 134656 bytes |
| FILE TYPE | PE32 executable (console) Intel 80386, for MS Windows |