A sneaky new injection technique delivers LockPoS malware straight into the kernel, researchers report. This “silent” method bypasses traditional antivirus software.
LockPoS is a type of point-of-sale (PoS) malware designed to steal credit card data from the memory of computers connected to PoS card scanners. It reads the memory of processes running on the system, searches for data that resembles payment card information, and sends what it finds to its command-and-control servers.
LockPoS goes through multiple stages of unpacking and decryption, but Cyberbit researchers report that its most interesting traits are its injection technique and its code-injection routines. The team discovered a new way LockPoS is arriving on machines.
Read more about the new LockPoS injection technique, which was likely built by a group of advanced attackers, on DarkReading.