Kasidet POS RAM Scraper Malware

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.
Point of Sale malware

Kasidet POS Malware is a variant of Point of Sale (POS) malware that performs DDoS attacks, scrapes payment card details, and uses Namecoin's Dot-Bit service to hide its command-and-control (C&C) servers. It is also known as Trojan.MWZLesson or Neutrino and was found in September 2015 by cyber security experts. It is a combination of BackDoor.Neutrino.50 and POS malware.

Operation

Kasidet POS Worm gets onto a system along with other malware or is downloaded unknowingly when a user visits malicious websites. It differs from other POS malware in that it scrapes data with more advanced features. First it scrapes the POS RAM and steals payment card details. Then the scraped information is sent to the cyber criminal, along with GET and POST requests intercepted from the browser. The bot is very difficult to detect using security programs; sometimes it is detectable in email spam campaigns and exploit kits. The cyber criminals have since enhanced Kasidet's scraping capability, and it now hides its C&C server in the Namecoin DNS service Dot-Bit.
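
Because the C&C server is hidden behind Namecoin's Dot-Bit service, DNS lookups for `.bit` names coming from POS hosts are worth hunting for in resolver logs. The Python below is an added example, not part of the original article; the log format, IP addresses, host names and the approved-resolver list are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample DNS query log (the line format is an assumption):
# "<timestamp> <client_ip> -> <resolver_ip> <qtype> <qname>"
SAMPLE_LOG = """\
2016-08-04T10:00:01Z 10.20.0.15 -> 10.20.0.2 A payments.example.com.
2016-08-04T10:00:07Z 10.20.0.31 -> 10.20.0.2 A c2-placeholder.bit.
2016-08-04T10:00:09Z 10.20.0.31 -> 203.0.113.53 A c2-placeholder.bit
2016-08-04T10:01:12Z 10.20.0.15 -> 10.20.0.2 A bit.example.org
2016-08-04T10:02:30Z 10.20.0.31 -> 203.0.113.53 AAAA Other-Placeholder.BIT.
malformed line without fields
"""

APPROVED_RESOLVERS = {"10.20.0.2"}  # assumption: the site's internal resolver

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+->\s+(?P<resolver>\S+)\s+"
    r"(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$"
)

def is_dot_bit(qname):
    """True when the query name's top-level label is 'bit'."""
    labels = qname.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == "bit"

def find_dot_bit_lookups(log_text, approved=APPROVED_RESOLVERS):
    """Return {client_ip: {"names": set, "external_resolvers": set}}."""
    hits = defaultdict(lambda: {"names": set(), "external_resolvers": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_dot_bit(m["qname"]):
            continue  # skip unparseable lines and ordinary lookups
        entry = hits[m["client"]]
        entry["names"].add(m["qname"].rstrip(".").lower())
        if m["resolver"] not in approved:
            # .bit is outside the ICANN root, so resolving it needs a
            # Namecoin-aware resolver; an unapproved one is a second signal
            entry["external_resolvers"].add(m["resolver"])
    return dict(hits)

if __name__ == "__main__":
    for client, info in find_dot_bit_lookups(SAMPLE_LOG).items():
        print(client, sorted(info["names"]), sorted(info["external_resolvers"]))
```

A client that both queries `.bit` names and talks to a resolver outside the approved list is the stronger lead, since the internal resolver alone would normally fail to answer such names.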

Incidents

See also
