BernhardPOS – New POS Malware Discovered by Morphick

Yet another new credit card dumping utility has been discovered. BernhardPOS is (presumably) named after its author, who left the build path "C:\bernhard\Debug\bernhard.pdb" in the binary and also uses the name Bernhard when creating the mutex "OPSEC_BERNHARD". This utility does several interesting things to evade antivirus detection, and we'll walk through some of them in detail. Details about the sample, including a hash, are available at the end of this writeup.


Getmypass Point of Sale Malware Update

Encryption by default will now also help this malware evade tools that scour hard drives looking for structures that resemble track data. The support for multiple backup files will also enable the operators to move quickly. With the older copy, the malware authors used to have to dump processes and then back up the results file. Now they can edit the configuration file on the fly and the results get stored in a secondary file. Fewer clicks, less movement.
