North Americans Targeted By New Majikpos Dual Threat Malware

Discussion in 'Carding News/Press' started by visa, Mar 17, 2017.

  1. visa

    visa Staff Member Moderator

    A new POS (Point Of Sale) malware family is targeting payment systems in the US and Canada. Called MajikPOS, this new strain features a modular design and support for many features often found in RATs (Remote Access Trojans), allowing crooks to scout and select which systems they want to infect.

    Detected by the Trend Micro team, the malware was picked up on security scanners for the first time around January 28, 2017. Nonetheless, newly unearthed evidence revealed MajikPOS first infected systems between August and November 2016.

    How MajikPOS infects systems
    According to researchers, the malware authors scanned for open VNC and RDP ports and used brute-force attacks to guess weak credentials.

    After they breached one of these random networks, they downloaded and installed MajikPOS. For downloading the malware, Trend Micro says attackers used different techniques, ranging from VNC, RDP, RAT access, and command-line FTP to a modified version of the Ammyy Admin remote control software package.

    Following this point, the malware gathered information on each victim, and using modules specific to RATs, allowed crooks to scan for local computers handling financial details.

    When attackers found workstations handling POS data, the MajikPOS malware would download a memory-scraping module that would monitor the device's RAM for anything that remotely looked like financial information.

    This memory scraping module would collect payment card data entered in the POS software and would send this information to its C&C server.

    MajikPOS stolen data sold on specialized dump shops
    According to Trend Micro, MajikPOS was part of a well-organized cyber-crime ring. Stolen data would be sent to a server nicknamed Magic Panel.

    Crooks would then sift through all the stolen information and put it up for sale via a network of "dump shops," called Magic Dump.

    Payment card data would be sold here one ID at a time for prices ranging from $9 to $39, or in bulk packages of 25, 50, and 100 IDs, priced at $250, $400, and $700, respectively.

    The prices were different based on the victim's payment card type. Trend Micro says the MajikPOS dumps contained data from American Express, Diners Club, Discover, Maestro, Mastercard, and Visa cards.

    Security experts estimate that crooks used MajikPOS to steal at least 23,400 payment card details, mostly from people in the US and Canada, with a few isolated victims from Australia as well.

    A timeline of the MajikPOS operation is available in the graph below.

    [Image: timeline of the MajikPOS operation]

    MajikPOS, which is written in .NET, is not the first POS malware to feature a modular design, which has become very popular with POS malware in the past year. For example, the FastPOS, Gorynych and ModPOS malware strains feature a similar modular architecture.

    In October 2016, Guardicore identified Trojan.sysscan, a trojan that operated very similarly to MajikPOS, but Trojan.sysscan was coded in Delphi, not .NET.
     
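The brute-force entry vector described in the post above leaves a recognisable trace in Windows Security logs. As an added example (not part of the original post or of Trend Micro's report), this Python code flags source IPs that produce a burst of failed remote logons (event 4625) and marks separately those where the burst is followed by a successful logon (4624); the CSV layout, threshold, window, and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: simplified export of Windows Security events as
# time,event_id,logon_type,source_ip,account. 4625 = failed logon,
# 4624 = successful logon. Addresses are documentation ranges.
SAMPLE_EVENTS = """\
2017-03-01T02:10:01,4625,3,203.0.113.50,administrator
2017-03-01T02:10:03,4625,3,203.0.113.50,admin
2017-03-01T02:10:05,4625,3,203.0.113.50,pos
2017-03-01T02:10:07,4625,3,203.0.113.50,pos1
2017-03-01T02:10:09,4625,3,203.0.113.50,cashier
2017-03-01T02:10:12,4624,10,203.0.113.50,cashier
2017-03-01T03:00:00,4625,3,192.0.2.99,admin
2017-03-01T03:00:30,4625,3,192.0.2.99,admin
2017-03-01T03:01:00,4625,3,192.0.2.99,admin
2017-03-01T03:01:30,4625,3,192.0.2.99,admin
2017-03-01T03:02:00,4625,3,192.0.2.99,admin
2017-03-01T08:00:00,4625,10,198.51.100.7,manager
2017-03-01T08:00:20,4624,10,198.51.100.7,manager
"""

# Logon type 10 is RemoteInteractive (RDP); type 3 (network) appears for RDP with NLA.
REMOTE_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (timestamp, event_id, source_ip, account) for remote logon events."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        if logon_type in REMOTE_LOGON_TYPES:
            yield datetime.fromisoformat(ts), event_id, ip, account

def detect(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: verdict} for IPs reaching `threshold` failures within `window`."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failed logons
    verdicts = {}
    for ts, event_id, ip, account in sorted(parse(text)):
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # drop failures outside the window
            recent.popleft()
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold:
                verdicts.setdefault(ip, "brute-force attempt")
        elif event_id == "4624" and len(recent) >= threshold:
            # A success right after a failure burst is the case to triage first.
            verdicts[ip] = f"brute force followed by logon as {account}"
    return verdicts
```

A single mistyped password followed by a success, as for 198.51.100.7 in the sample, stays below the threshold and is not reported.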
  2. DbaseJob

    DbaseJob DbaseJob School / Tools / ONLY PM OR RICOCHET Staff Member Moderator

    in clear for decoding, just scanning a specific port over American IP addresses, found some open and try to brute-force with default or common user passwords, that's it.
    hahahahahahahahahaha
    people think hacking is like Matrix 4, but when I read your article it looks like a normal beginner hack
    yeah, every target is not secure if no one ever attacks. true
    only a stealer is afraid to be stolen from
    peace
     
  3. Jhonroot

    Jhonroot Newcomer

    +1
     