Multigrain Malware

From HandWiki

A sophisticated point-of-sale (POS) memory-scraping malware called "Multigrain" was discovered on April 17, 2016 by the security company FireEye Inc.[1][2] Multigrain belongs to the NewPosThings malware family and is similar to the previously known NewPosThings, FrameworkPOS and BernhardPOS malware.[3][4]

Process of Multigrain malware

Multigrain uses the Luhn algorithm to validate the scraped credit and debit card numbers.[5] After infecting the computer, the POS malware blocks Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) traffic, which is monitored for data exfiltration.[6][7] It exfiltrates the scraped credit and debit card data via the Domain Name System (DNS),[8][9] sending the collected payment card information to a command-and-control server.[10][11]
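Exfiltration over DNS leaves a recognisable shape in resolver logs: many distinct, long, high-entropy leftmost labels under one parent domain. The following detection script is an added example written for this article, not FireEye's tooling or a Multigrain signature; the log lines, the domain names and the thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (timestamp, client, queried name). The long
# random-looking leftmost labels imitate encoded card data leaving the POS host.
SAMPLE_LOG = """\
2016-04-17T10:00:01 10.0.0.5 www.example.com
2016-04-17T10:00:02 10.0.0.5 updates.vendor-pos.example
2016-04-17T10:00:03 10.0.0.5 mzxw6ytboi2g4ytsnfxgc3lpmuqgyylo.attacker-placeholder.example
2016-04-17T10:00:04 10.0.0.5 nfxgc3lpmuqgyylomzxw6ytboi2g4yts.attacker-placeholder.example
2016-04-17T10:00:05 10.0.0.5 pmuqgyylomzxw6ytboi2g4ytsnfxgc3l.attacker-placeholder.example
2016-04-17T10:00:06 10.0.0.5 mail.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payload labels score well above normal hostnames."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def parent_domain(qname: str, levels: int = 2) -> str:
    """Registrable-domain approximation: the last `levels` labels of the name."""
    return ".".join(qname.split(".")[-levels:])


def suspicious_parents(log_text: str, min_label_len: int = 20,
                       min_entropy: float = 3.5, min_unique: int = 3) -> dict:
    """Return {parent domain: count} for parents that received at least
    min_unique distinct queries whose leftmost label is long and high-entropy,
    the shape that DNS tunnelling or exfiltration leaves in resolver logs.
    Thresholds are assumptions; tune them against your own baseline."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qname = line.split()
        qname = qname.lower().rstrip(".")
        label = qname.split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            hits[parent_domain(qname)].add(label)
    return {p: len(labels) for p, labels in hits.items() if len(labels) >= min_unique}


if __name__ == "__main__":
    for parent, n in suspicious_parents(SAMPLE_LOG).items():
        print(f"possible DNS exfiltration: {n} encoded-looking queries to {parent}")
```

Run against real resolver logs, this kind of check should be baselined first, since CDNs and some legitimate services also emit long encoded labels.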

Targets one POS platform

Multigrain specifically targets Windows point-of-sale systems that run the multi.exe executable.[12][13] If Multigrain lands on a POS system that does not have multi.exe, it deletes itself without leaving any trace.[14][15]

References

  1. "MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry". https://www.fireeye.com/blog/threat-research/2016/04/multigrain_pointo.html.
  2. "Point of Sales (POS) Evolution to DNS Exfiltration". https://community.infoblox.com/cixhp49439/attachments/cixhp49439/SecurityBlog/8/2/CTA-2016-02.1-POS_Multigrain.pdf.
  3. ""Multigrain" PoS Malware Exfiltrates Card Data Over DNS". SecurityWeek.Com. 20 April 2016. https://www.securityweek.com/multigrain-pos-malware-exfiltrates-card-data-over-dns.
  4. "Multigrain PoS malware exfiltrates stolen card data over DNS". April 20, 2016. https://securityaffairs.co/wordpress/46496/malware/multigrain-pos-malware.html.
  5. "New Multigrain Malware steals Point of Sale Data Over DNS". https://securebox.comodo.com/blog/pos-security/new-multigrain-malware-eats-memory-steals-pos-data/.
  6. "Wheat a moment: Multigrain malware uses DNS to steal POS data".
  7. Cimpanu, Catalin (19 April 2016). "PoS Malware Steals Credit Card Numbers via DNS Requests". https://news.softpedia.com/news/pos-malware-steals-credit-card-numbers-via-dns-requests-503180.shtml.
  8. Constantin, Lucian (April 20, 2016). "New point-of-sale malware Multigrain steals card data over DNS". https://www.computerworld.com/article/3058784/new-point-of-sale-malware-multigrain-steals-card-data-over-dns.html.
  9. "DNS and Stolen Credit Card Numbers". https://www.circleid.com/posts/20160420_dns_and_stolen_credit_card_numbers/.
  10. Stoyanov, Daniel (April 21, 2016). "PoS Malware 'Multigrain' Steals Credit Card Details via DNS". https://www.virusguides.com/pos-malware-multigrain-steals-credit-card-details-via-dns/.
  11. "SASE Solution - Secure Access Service Edge". https://www.fortinet.com/products/sase.
  12. Chirgwin, Richard. "VXers pass stolen card data over DNS". https://www.theregister.com/2016/04/20/vxers_pass_stolen_card_data_over_dns/.
  13. "MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry". http://www.itsecuritynews.info/2016/04/19/multigrain-point-of-sale-attackers-make-an-unhealthy-addition-to-the-pantry/.
  14. "Multigrain Malware Targets Multi.Exe Process, Steals and Exfiltrates Data, Pretending as DNS Queries". http://www.spamfighter.com/News-20236-Multigrain-Malware-Targets-MultiExe-Process-Steals-and-Exfiltrates-Data-Pretending-as-DNS-Queries.htm.
  15. "Article 29 Working Party still not happy with Windows 10 privacy controls". February 28, 2017. https://www.scmagazineuk.com/article-29-working-party-still-not-happy-with-windows-10-privacy-controls/article/640677/.