
Recently, Trend Micro reported on a new variant of BlackPOS malware that added the ability to appear as if it were an anti-virus product, as well as more sophisticated methods for scraping credit card numbers from memory.

Brian Krebs is now reporting that this variant appears to have been the point-of-sale malware of choice by the group who compromised Home Depot.

In both the Target and Home Depot breaches, the same malware family was used and the stolen credit card numbers were sold through the same underground carding site, Rescator[dot]cc, leading Krebs to believe it might be the same group.

Details of the Home Depot breach are still being investigated; however, it is assumed that all stores were affected and had been compromised for several months. The breach came after the U.S. government issued an advisory about another point-of-sale malware discovered in the wild, called ‘BackOff,’ leading many to assume it was the malware used in the Home Depot breach.

File Details (courtesy of Malwr)

File name: FrameworkServiceLog.exe
File size: 134656 bytes
File type: PE32 executable (console) Intel 80386, for MS Windows
MD5:       b57c5b49dab6bbd9f4c464d396414685
SHA1:      98dbaeb6d46bd09eca002e1f2b6f3e76fd3222cd
SHA256:    b579c8866f7850110a8d2c7cc10110fa82f86a8395b93562f36e9f500a226929
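One practical use of the file details above is a quick indicator sweep: hash every file under a directory once (all three digests in a single pass) and compare against the listed MD5/SHA1/SHA256, treating a hash hit as a match and a file-name or size hit alone as only a weak signal worth a closer look. The script below is an added example written for this post; it is not code from the original article, Trend Micro, Malwr or Krebs, and the helper names (`hash_file`, `match_ioc`, `classify`, `scan_directory`) are my own. The hashes in `BLACKPOS_IOCS` are the ones published above; the sample byte strings in the usage are constructed.

```python
import hashlib
import sys
from pathlib import Path

# Indicators for this BlackPOS variant, copied from the file details above (courtesy of Malwr).
BLACKPOS_IOCS = {
    "file_name": "FrameworkServiceLog.exe",
    "file_size": 134656,
    "md5": "b57c5b49dab6bbd9f4c464d396414685",
    "sha1": "98dbaeb6d46bd09eca002e1f2b6f3e76fd3222cd",
    "sha256": "b579c8866f7850110a8d2c7cc10110fa82f86a8395b93562f36e9f500a226929",
}

HASH_NAMES = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Stream a file through all three digests at once so large files are read only once."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_ioc(digests: dict, size: int, name: str, ioc=BLACKPOS_IOCS) -> dict:
    """Return a per-indicator hit map: which of the published values this file matches."""
    hits = {k: digests.get(k, "").lower() == ioc[k].lower() for k in HASH_NAMES}
    hits["file_name"] = name.lower() == ioc["file_name"].lower()
    hits["file_size"] = size == ioc["file_size"]
    return hits


def classify(hits: dict) -> str:
    """A hash hit is a match; name or size alone is only a weak signal (repacked sample or coincidence)."""
    if any(hits[k] for k in HASH_NAMES):
        return "match"
    if hits["file_name"] or hits["file_size"]:
        return "weak"
    return "clean"


def scan_directory(root, ioc=BLACKPOS_IOCS) -> list:
    """Walk `root` and return (path, verdict, hits) for every regular file."""
    results = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            hits = match_ioc(hash_file(p), p.stat().st_size, p.name, ioc)
            results.append((str(p), classify(hits), hits))
    return results


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>
    for path, verdict, hits in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        if verdict != "clean":
            print(f"{verdict:5} {path} {[k for k, v in hits.items() if v]}")
```

Hash matching only catches this exact build; a repacked or recompiled sample changes every digest, which is why the example keeps name and size as a separate weak tier rather than ignoring them, and why hash lists should be paired with behavioural detection (memory-scraping processes on POS hosts, unexpected services) rather than used alone.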