memory parser


On October 28, 2014, we encountered an even newer version of the Backoff point-of-sale (PoS) malware which we are detecting as W32/Backoff.C!tr.spy. This newest version, with version name 211G1, was compiled close to a month after its predecessor ROM. Functionality-wise, 211G1 is very similar to ROM. An in-depth description of ROM can be found in our previous post. In this blog post, we will describe the modifications made in the newest version of the Backoff PoS malware family. Installation Firstly, 211G1 is now packed with a custom packer;...
by Hong Kei Chan  |  Nov 06, 2014  |  Filed in: Security Research
A few months have passed since the release of the “Backoff” point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data breaches and the compromise of their customers’ financial information. We have recently encountered a new version of the Backoff malware family, which we are detecting as W32/Backoff.B!tr.spy. Unlike previous versions, this one no longer uses a version number in the malware body, but just uses the version name ROM. ROM performs very similarly...
by Hong Kei Chan  |  Nov 03, 2014  |  Filed in: Security Research
In a previous blog post on Dexter, we briefly mentioned a new strain of point-of-sale (PoS) malware that has compromised over 4,500 credit cards in the United States and Canada. This new strain of malware, dubbed JackPOS, was detected early this year and between then and the time of writing, has had just one version, but with multiple variants. In this blog post, we look briefly at the unique attributes of JackPOS: its custom pattern matching and its command-and-control (C&C) communication. We will conclude with quick remarks on the newest...
by Hong Kei Chan  |  Jun 24, 2014  |  Filed in: Security Research
Hong Kei Chan, Junior AntiVirus Analyst. Special Technical Contribution by Liang Huang, Senior Antivirus Analyst. Dexter, a custom point-of-sale (POS) malware, has the ability to search through the memory of POS systems for credit and debit card information. POS malware has been making headlines this year, from Target's data breach -- where it has been reported that approximately 40 million credit and debit card accounts had been compromised (Source) -- to more recently, a new strain of POS malware compromising over 4,500 credit cards in the United...
by Hong Kei Chan  |  Mar 10, 2014  |  Filed in: Security Research