New POS Trojan created by mixing code from older malware

“A newly discovered POS Trojan is a perfect example of how easy it is for malware makers to come up with new malware – they can simply recycle code used in older malicious software.

Trojan.MWZLesson, as Dr. Web researchers have dubbed it, is nothing particularly special: it infects POS terminals, searches the compromised device’s RAM for bank card data, and sends it and other intercepted information (from GET and POST requests sent from the infected machine’s browsers) to a command and control server operated by cyber crooks.

Trojan.MWZLesson can update itself, download and run additional files, find specific documents, and even mount an HTTP Flood attack.

But what’s interesting is that an analysis of the code revealed that the Trojan is a crippled version of the Neutrino backdoor, which has much wider capabilities (checks for virtual machines and debuggers, gathers information about the infected system, removes other malware, steals different kinds of data, logs keystrokes, infects computers on a LAN and removable media, and more).

The author has also borrowed code from the Dexter POS Trojan – to be precise, the code for the module that checks the device’s RAM for bank card data.”
