CenterPOS Malware

Short description: Software targeting point of sale terminals

CenterPOS (also known as "Cerebrus") is a point of sale (POS) malware discovered Cyber Security Experts.^[1] It was discovered in September 2015 along with other kinds of POS malware, such as NewPOSThings, BlackPOS, and Alina.^[2] There are two versions which have been released by the developer responsible: version 1.7 and version 2.0.^[3] CenterPOS 2.0 has similar functionality to CenterPOS version 1.7. The 2.0 variant of CenterPOS malware added some more effective features, such as the addition of a configuration file for storing information in its command and control server.^[4]

Overview

CenterPOS has been used to target retailers in order to illegally obtain payment card information using a memory scraper.^[5] It uses two distinct modes to scrape and store information: a "smart scan" and a "normal scan".^[6] At the normal scan mode, the malware looks at all of the processes on a device and determines which ones are not currently running processes, are not named "system", "system idle process" or "idle", and do not contain keywords such as Microsoft or Mozilla. If the process meets the criteria list, the malware will search all memory regions within the process, searching for credit card data with regular expressions in the regular expression list. In smart scan mode, the malware starts by performing a normal scan, and any process that has a regular expression match will be added to the smart scan list. After the first pass, the malware will only search the processes that are in the smart scan list. The malware contains functionality that allows cybercriminals to create a configuration file.^[7]

Process Details

CenterPOS malware searches for the configuration file that contains the C&C information. If unable to find the configuration file, it asks for a password. If the password entered is correct, then it payloads the functions to create a configuration file.^[8] This malware is very different from other point of sale system malware in that it has a separate component called builder to create a payload.^[9]

The CenterPOS malware looks for the credit and debit card information through smart scan mode and then encrypts all the scraped data using Triple DES encryption.^[10] Then the memory scraped data is sent to the operator of the malware through a separate HTTP POST request.^[2]

References

↑ CenterPOS. "CenterPoS POS Malware Variant". Cyber.nj.gov. http://www.cyber.nj.gov/threat-profiles/pos-malware-variants/centerpos. Retrieved 2016-10-02.
↑ ^2.0 ^2.1 "Security Experts at FireEye discovered a new strain of POS malware dubbed CenterPOS that is threatening the retail systems". Securityaffairs.co. 2016-01-29. http://securityaffairs.co/wordpress/44051/cyber-crime/centerpos-pos-malware.html. Retrieved 2016-10-02.
↑ "Centerpos: An Evolving Pos Threat". Fireeye.com. 2016-01-28. https://www.fireeye.com/blog/threat-research/2016/01/centerpos_an_evolvi.html. Retrieved 2016-10-02.
↑ "CenterPOS – The evolution of POS malware". Iicybersecurity.wordpress.com. 2016-01-29. https://iicybersecurity.wordpress.com/2016/01/29/centerpos-the-evolution-of-pos-malware/. Retrieved 2016-10-02.
↑ Numaan Huq (2013-07-16). "A look at Point of Sale RAM scraper malware and how it works". Nakedsecurity.sophos.com. https://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scraper-malware-and-how-it-works/. Retrieved 2016-10-02.
↑ "CenterPOS: An Evolving POS Threat". Securitybloggersnetwork.com. http://securitybloggersnetwork.com/author/kristen-dennesen/page/6/. Retrieved 2016-10-02.
↑ "Two New PoS Malware Affecting US SMBs". TrendLabs. 2015-09-28. http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-pos-malware-affecting-us-smbs/. Retrieved 2016-10-09.
↑ "New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems". Darkreading.com. 28 January 2016. http://www.darkreading.com/vulnerabilities---threats/new-version-of-centerpos-malware-taps-rush-to-attack-retail-systems-/d/d-id/1324092?_mc=RSS_DR_EDT. Retrieved 2016-10-02.
↑ "Two new point-of-sale threats target SMBs in the U.S". Scmagazine.com. 2013-10-31. http://www.scmagazine.com/two-new-point-of-sale-threats-target-smbs-in-the-us/article/441458/. Retrieved 2016-10-02.
↑ "New Version of CenterPOS Malware Emerges". Onthewire.io. 2016-01-28. https://www.onthewire.io/new-version-of-centerpos-malware-emerges/. Retrieved 2016-10-02.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/CenterPOS Malware. Read more

[1] CenterPOS. "CenterPoS POS Malware Variant". Cyber.nj.gov. http://www.cyber.nj.gov/threat-profiles/pos-malware-variants/centerpos. Retrieved 2016-10-02.

[auto-2] 2.0 ^2.1 "Security Experts at FireEye discovered a new strain of POS malware dubbed CenterPOS that is threatening the retail systems". Securityaffairs.co. 2016-01-29. http://securityaffairs.co/wordpress/44051/cyber-crime/centerpos-pos-malware.html. Retrieved 2016-10-02.

[3] "Centerpos: An Evolving Pos Threat". Fireeye.com. 2016-01-28. https://www.fireeye.com/blog/threat-research/2016/01/centerpos_an_evolvi.html. Retrieved 2016-10-02.

[4] "CenterPOS – The evolution of POS malware". Iicybersecurity.wordpress.com. 2016-01-29. https://iicybersecurity.wordpress.com/2016/01/29/centerpos-the-evolution-of-pos-malware/. Retrieved 2016-10-02.

[5] Numaan Huq (2013-07-16). "A look at Point of Sale RAM scraper malware and how it works". Nakedsecurity.sophos.com. https://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scraper-malware-and-how-it-works/. Retrieved 2016-10-02.

[6] "CenterPOS: An Evolving POS Threat". Securitybloggersnetwork.com. http://securitybloggersnetwork.com/author/kristen-dennesen/page/6/. Retrieved 2016-10-02.

[7] "Two New PoS Malware Affecting US SMBs". TrendLabs. 2015-09-28. http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-pos-malware-affecting-us-smbs/. Retrieved 2016-10-09.

[8] "New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems". Darkreading.com. 28 January 2016. http://www.darkreading.com/vulnerabilities---threats/new-version-of-centerpos-malware-taps-rush-to-attack-retail-systems-/d/d-id/1324092?_mc=RSS_DR_EDT. Retrieved 2016-10-02.

[9] "Two new point-of-sale threats target SMBs in the U.S". Scmagazine.com. 2013-10-31. http://www.scmagazine.com/two-new-point-of-sale-threats-target-smbs-in-the-us/article/441458/. Retrieved 2016-10-02.

[10] "New Version of CenterPOS Malware Emerges". Onthewire.io. 2016-01-28. https://www.onthewire.io/new-version-of-centerpos-malware-emerges/. Retrieved 2016-10-02.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Man-in-the-mobile Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Form grabbing Fraudulent dialer Malbot Keystroke logging Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Bot Roast

Anonymous

Search

CenterPOS Malware

Namespaces

More

Page actions

Contents

Overview

Process Details

See also

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

CenterPOS Malware

Overview

Process Details

See also

References

Navigation

Wiki tools

Page tools

Other projects

Categories