AbaddonPOS

AbaddonPOS Description

A few years ago, Point-of-Sale (PoS) devices were often considered impenetrable by cybercriminals, mainly because finding an infection vector and staying undetected was very challenging. However, hackers eventually decided to explore the opportunity to infect PoS devices, and the results were not long in coming: malware researchers have had to combat a plethora of malware that targets PoS devices exclusively and attempts to snatch the credit card details processed through them. While this does not harm the business owning the PoS device, an attack of this sort may end up costing customers thousands of dollars.

One of the malware families to infect a large number of PoS devices located in the United States goes by the name AbaddonPOS – a hacking tool believed to be used by the TA530 group, which is usually involved in financially motivated attacks.

The campaign to spread AbaddonPOS appears to evolve regularly, and the attackers have been spotted using fraudulent email attachments, exploit kits, and Trojan downloaders to propagate copies of AbaddonPOS to potential targets. Once the threat manages to infiltrate a system, it immediately begins to observe specific processes that are known to be used by Point-of-Sale device software. To minimize the amount of work it has to do, AbaddonPOS only looks for specific number strings that are likely to contain credit card holder data:

  • Only looks for number strings starting with 3, 4, 5 or 6.
  • Only looks for numbers with a length greater than or equal to 13, and less than or equal to 19.
  • Uses the Luhn algorithm to verify that the extracted data does contain a valid credit card number.
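The same three filters are what a defender applies when auditing PoS logs or process dumps for unmasked card numbers. The following Python sketch is an added example, not code from the AbaddonPOS sample; the function names and the log lines are constructed for illustration, and hits are reported masked.

```python
import re

# Digit runs of 13-19 characters that start with 3, 4, 5 or 6.
# The lookarounds reject candidates that are part of a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)[3-6]\d{12,18}(?!\d)")

def luhn_valid(number: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep the first six and last four digits so findings are safe to report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_exposed_pans(text: str):
    """Return (line number, masked number) for every candidate passing all filters."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            if luhn_valid(m.group()):
                hits.append((lineno, mask(m.group())))
    return hits

# Constructed log lines using public test card numbers, not real data.
SAMPLE_LOG = """\
2024-01-15 10:01:02 txn=1001 track2=;4111111111111111=2512101000000?
2024-01-15 10:01:05 txn=1002 pan=4111111111111112 status=declined
2024-01-15 10:01:09 order=411111111111 amex=378282246310005
2024-01-15 10:01:11 ref=2223000048400011 seq=41111111111111111111
"""

if __name__ == "__main__":
    for lineno, masked in find_exposed_pans(SAMPLE_LOG):
        print(f"line {lineno}: cleartext card number {masked}")
```

Line 2 fails the Luhn check, the 12-digit order number and the 20-digit sequence fail the length filter, and the reference starting with 2 fails the prefix filter, so only lines 1 and 3 are reported.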

The collected data is encoded using a hardcoded XOR cipher and then transferred to the attacker’s server, whose IP address is also hardcoded in the AbaddonPOS sample analyzed.

Last but not least, the AbaddonPOS malware is loaded with anti-obfuscation checks and techniques that are meant to make the job of malware researchers more difficult. Thankfully, the cybercriminals did not do enough to stop experts from dissecting every single byte of their threat, and this has enabled anti-virus products to identify and eradicate the AbaddonPOS easily.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to AbaddonPOS may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: May 27, 2019
