Alina

Alina Description

Point-of-sale (POS) devices may process the data of hundreds of credit cards on a daily basis – in some cases, this number might exceed a thousand, especially if the device is used by a major business. It therefore comes as no surprise that cybercriminals have turned their attention towards POS devices and come up with various pieces of malware that are able to infiltrate these devices and collect credit card information from them. One of the popular POS malware families is Alina – a threat that has been active primarily in the United States and has been used to target businesses in the accommodation and restaurant sectors.

It is not clear how the attackers compromise the targeted computer in order to plant the Alina malware on the POS device. Two of the files linked to the attack are ‘Epson.exe’ and ‘Wnhelp.exe’ – while both of them use a similar method to extract the data from the targeted machine, they use entirely different techniques to acquire persistence and to select the memory sections from which to exfiltrate the data. Typically, POS malware works by scraping the compromised device’s memory and looking for number combinations that pass the Luhn algorithm check.

The first sample only checks the memory of a specific list of system processes that are linked to POS operations. The other sample, by contrast, checks all processes apart from the ones blacklisted – mostly Web browsers, messaging applications and system processes. The data collected from the memory of the targeted processes is then checked via the Luhn algorithm and all positive results are saved.
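The same Luhn check is what a defender uses to find out whether cleartext card numbers are exposed in a memory dump or log file from their own POS software. The following is an added example, not code from this page or from the malware; the function names and the sample buffer are constructed for illustration, and results are returned masked.

```python
import re

# Candidate PANs: 13-19 digits, not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits for reporting."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_cleartext_pans(buf: bytes):
    """Return (offset, masked PAN) for each Luhn-valid candidate in buf."""
    hits = []
    for m in PAN_RE.finditer(buf):
        pan = m.group().decode("ascii")
        # Runs of one repeated digit (e.g. all zeros) pass Luhn; skip them.
        if len(set(pan)) > 1 and luhn_ok(pan):
            hits.append((m.start(), mask(pan)))
    return hits


# Constructed sample buffer: a track-2-style record carrying a public test
# number, a 16-digit order id that fails Luhn, and an all-zero filler field.
SAMPLE = (
    b"\x00\x00;4111111111111111=2512101?\x00"
    b"order=1234567890123456\x00pad=0000000000000000\x00"
)

if __name__ == "__main__":
    for offset, masked in find_cleartext_pans(SAMPLE):
        print(f"offset {offset}: {masked}")
```

Any hit in a dump of a payment application's memory or logs means card data is held unencrypted where a memory scraper could read it.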

Both variants of the Alina POS malware can receive commands from the attacker’s Command & Control server – the number of commands is small, but it would enable the attacker to update the malware or download and execute additional files on the targeted system. The credit card data scraped by the attackers is often sold on underground hacking forums, where the price of a single card can exceed $100 depending on the country of origin.

POS devices in the accommodation, retail and restaurant businesses are usually the primary targets of the attackers, since these places are unlikely to have dedicated IT staff to monitor their systems.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Alina may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.



Posted: May 10, 2019
