As the number of active attacks on US merchants continues to rise (we’re up to six now), InterCrawler CEO Andrew Komarov believes he has discovered the identity of the author of the BlackPOS malware, modified versions of which have apparently used in the Target and Neiman Marcus breaches.
He scoured underground forums for information about the malware and says that BlackPOS was initially dubbed “Kaptoxa” (“potatoe” in Russian slang), its first version was created in March 2013, and its creator is a 17-year-old from St. Petersburg that goes by the online handle “Ree” (“ree4”).
Since then, the teenager has apparently sold over 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries, including the owners of underground credit cards shops, claims Komarov. He also says that several copies of the malware were sold by the teenager in the form of source code, and that he has modified the malware on demand in various occasions.
He was apparently asking $2,000 for the malware, or occasionally a percent of the stolen info. He also seems to have started his career as hacker by offering social account hacking services and by teaching others how to mount DDoS attacks.
InterCrawler researchers have also tied this malicious actor with a VK social profile, and posit that he might be one of a group of hackers with roots in St. Petersburg.