Trojan.POSRAM
Posted: April 10, 2014
Threat Metric
| Field | Value |
|---|---|
| Ranking | 3,358 |
| Threat Level | 1/10 |
| Infected PCs | 13,809 |
| First Seen | April 10, 2014 |
| Last Seen | October 17, 2023 |
| OS(es) Affected | Windows |
Trojan.POSRAM is a PoS or Point-of-Sale Trojan that collects credit card information from systems used in business transactions. Trojan.POSRAM is a major player in the Kaptoxa campaign, which successfully compromised the data of millions of customers of major shopping outlets. Since Trojan.POSRAM possesses advanced means of avoiding detection, updated anti-malware utilities and security protocols are important in preventing Trojan.POSRAM's installation or removing Trojan.POSRAM, and malware experts recommend that customers of compromised stores watch their credit card bills for signs of any unusual charges.
A New BlackPOS Gets Cybercrooks Back in the Black
Trojan.POSRAM is spyware that specializes in infiltrating the machines used to process sales transactions. Although Trojan.POSRAM is believed to be an updated version of a similar Trojan, BlackPOS, it also has additional functions that make it more difficult for anti-malware utilities to detect than its predecessor. So far, malware researchers have only verified Trojan.POSRAM attacks against the Neiman Marcus and Target store chains, but this campaign has already succeeded in stealing what's estimated to be over a million separate credit card records from customers. Target was the victim of the bulk of these thefts, averaging six thousand, five hundred thefts per store location.
Trojan.POSRAM monitors relevant memory addresses and pulls the credit card information directly from the machine's memory, which allows Trojan.POSRAM to target data that's protected by a secure company network. Trojan.POSRAM attempts to transmit this data daily at a pre-designated time by using a temporary NetBIOS share to an internal host. Ultimately, this lets Trojan.POSRAM transfer the information over standard FTP, handing it over to third parties.
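The transfer pattern described above (a POS terminal opening a share to the same internal host at the same time each day, with that host then sending FTP out of the network) can be hunted for in network flow records. The Python below is an added example, not code from the original article or from SpyHunter; the subnets, the file-server allowlist, the thresholds and the flow records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed environment (not from the article): adjust to the real network.
POS_NET = ip_network("10.20.1.0/24")   # POS terminal subnet
INTERNAL = ip_network("10.0.0.0/8")    # internal address space
ALLOWED_SMB = {"10.20.0.5"}            # approved file servers for POS terminals
SMB_PORTS, FTP_PORT = {139, 445}, 21
MIN_DAYS, WINDOW_MIN = 3, 15           # recurrence thresholds

# Constructed flow records: (timestamp, source, destination, destination port).
FLOWS = [
    ("2024-03-04 10:02:11", "10.20.1.15", "10.20.9.40", 445),
    ("2024-03-05 10:01:48", "10.20.1.15", "10.20.9.40", 445),
    ("2024-03-06 10:03:05", "10.20.1.15", "10.20.9.40", 445),
    ("2024-03-06 10:40:00", "10.20.9.40", "203.0.113.77", 21),
    ("2024-03-05 14:22:30", "10.20.1.16", "10.20.0.5", 445),   # approved server
    ("2024-03-06 09:15:00", "10.20.1.16", "10.20.9.41", 445),  # one-off, not daily
]

def spread(minutes):
    """Width in minutes of the smallest time-of-day window holding all values,
    treating the clock as circular so a window across midnight still counts."""
    m = sorted(minutes)
    gaps = [b - a for a, b in zip(m, m[1:])] + [m[0] + 1440 - m[-1]]
    return 1440 - max(gaps)

def find_staging_exfil(flows):
    seen = defaultdict(dict)     # (pos, host) -> {date: minute of day}
    ftp_out = defaultdict(set)   # internal source -> external FTP destinations
    for ts, src, dst, port in flows:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        s, d = ip_address(src), ip_address(dst)
        if (s in POS_NET and d in INTERNAL and port in SMB_PORTS
                and dst not in ALLOWED_SMB):
            seen[(src, dst)].setdefault(t.date(), t.hour * 60 + t.minute)
        elif s in INTERNAL and d not in INTERNAL and port == FTP_PORT:
            ftp_out[src].add(dst)
    findings = []
    for (pos, host), days in sorted(seen.items()):
        # Same POS terminal, same unapproved host, same time of day, several days.
        if len(days) >= MIN_DAYS and spread(days.values()) <= WINDOW_MIN:
            findings.append({"pos": pos, "staging_host": host, "days": len(days),
                             "ftp_destinations": sorted(ftp_out.get(host, ()))})
    return findings

if __name__ == "__main__":
    for finding in find_staging_exfil(FLOWS):
        print(finding)
```

A finding with a non-empty `ftp_destinations` list is the higher-priority case, since it ties the recurring share traffic to outbound FTP from the same internal host.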
Other threat actors have also been implicated in Trojan.POSRAM's 'Kaptoxa' attacks, although they are still being identified. Separate PC threats may be used to distribute Trojan.POSRAM, maintain the security compromise and provide a backup method of transferring any stolen credit card credentials. Importantly, malware researchers stress that Trojan.POSRAM does not show symptoms during its attacks and, like most high-end spyware, is designed to conceal itself completely from any casual observation.
Stopping a Point-of-Sale Computer from Turning into a Point of Financial Woe
While the two store chains affected by Trojan.POSRAM attacks have not been notably slow in their response, the fact remains that even this brief campaign of PoS infiltration has allowed Trojan.POSRAM's owners to gain access to millions of credit card details, including the associated PIN numbers. Given the sophistication of Trojan.POSRAM's anti-security features and the recent development of its assaults, other store chains also may be vulnerable to Trojan.POSRAM attacks. Proper PC security is essential for blocking Trojan.POSRAM or, if necessary, removing Trojan.POSRAM from store machines.
Although casual PC users who don't work in retail are not likely to be attacked by Trojan.POSRAM directly, they may suffer from having their credit cards exploited. If you've shopped at Target or Neiman Marcus within the last few months, malware experts vehemently suggest that you carefully watch your credit card expenses. Any unusual charges are possible signs of outsiders using your own credit card against you, even if your local store has already taken steps to remove Trojan.POSRAM after a previous attack.