
CenterPOS

Posted: February 9, 2016

Threat Metric

Threat Level: 9/10
Infected PCs: 8
First Seen: February 9, 2016
OS(es) Affected: Windows

CenterPOS is a Point-of-Sale Trojan that collects information associated with credit and debit cards by compromising checkout systems. Like most POS Trojans, CenterPOS scans all relevant memory processes and then transfers the data to a remote server without showing symptoms discernible by the machine's operator. Having ongoing anti-malware protection provided by robust security software is your best defense against CenterPOS, although the routine updates received by this threat may require similar updates to your threat databases to enable accurate identification.

Getting at the Center of a Well-Maintained Spyware Campaign

CenterPOS, also known in the malware marketplace as 'Cerebrus' (unrelated to the Remote Access Trojan Cerberus), is a spyware program targeting POS machines throughout an ongoing series of updates and revisions. Despite the attention to detail, some of CenterPOS's administrators also have been noted for their willingness to use alternative programs for the same types of data-collecting attacks, including Alina and BlackPOS, along with Cardholder Data Recovery (a non-malware utility). Like other Point-of-Sale threats, all of these Trojans, including CenterPOS, specialize in the misappropriation of data from debit and credit card transactions.

The first version of CenterPOS confirmed to be in the wild is 1.7, seen as of mid-2015. Since that time, CenterPOS has received new updates, the most significant difference being its new configuration file. Con artists may use the configuration file to switch CenterPOS's remote server list. CenterPOS's built-in capacity for auto-generating this file makes the process of adapting its behavior to a new campaign straightforward.

As a POS Trojan, CenterPOS scans most memory processes (excluding some 'irrelevant' ones, such as baseline Windows components) for card data matching its regular expression list. New versions of CenterPOS also include a second, more specialized scanning feature that only scans previously examined processes. Besides sending potential customer data, CenterPOS also uses individual POST requests for transmitting information related to the compromised machine's running processes, users, sessions and overall settings.

How You can Put a Bad Dog Down

CenterPOS or Cerebrus may bear only the most minimal, passing resemblance to the mythological dog serving as its namesake, but it does present plenty of challenges for both the anti-malware industry and any business vulnerable to POS threats. The willingness to use threats with overlapping features, rapid deployment of updates, avoidance of traditional threat techniques like builder-server configurations, and jumps between different Command & Control servers all point to CenterPOS's authors and admins being flexible and industrious. Besides the trace network activity and minor system resource changes used by CenterPOS, there are no symptoms that malware experts can associate with its attacks.

Limiting account login attempts, using strong passwords and disabling remote desktop features are some of the clearest methods of reducing the vulnerabilities through which CenterPOS could install itself. Although CenterPOS is a spyware product meant primarily for transferring data outwards, CenterPOS also includes limited features that could assist other threat attacks, such as running batch scripts. Perhaps most meaningfully, its admins already have shown a degree of familiarity with other POS Trojans that could be installed alongside CenterPOS. In all cases, compromised machines should receive full anti-malware scans from the most appropriate security products.
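The three controls named above can be audited (and optionally enforced) on a Windows checkout host with a short script. This is an added example, not code from the original page; it assumes an elevated PowerShell 5.1+ session on an English-locale system, and the thresholds it uses (5 failed logons, 12-character minimum) are illustrative choices.

```powershell
# Added example (not from the original page): audits account lockout, password
# policy and Remote Desktop on a Windows POS host; -Apply enforces the fixes.
# Assumes elevated PowerShell 5.1+ and English-locale 'net accounts' output.
param([switch]$Apply)

function Test-PosHardening {
    param([switch]$Apply)
    $findings = @()

    # 1. Account lockout: 'Never' means unlimited logon attempts (the weak setting)
    $lockout = (net accounts | Select-String 'Lockout threshold').ToString().Split(':')[1].Trim()
    if ($lockout -eq 'Never' -or [int]$lockout -gt 10) {
        $findings += "Lockout threshold is '$lockout'; expected 10 or fewer failed attempts"
        if ($Apply) { net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null }
    }

    # 2. Password policy: export the local security policy and read length/complexity
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $cfg /quiet | Out-Null
    $pol = Get-Content $cfg
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $minLen  = [int](($pol | Select-String '^MinimumPasswordLength').ToString().Split('=')[1].Trim())
    $complex = [int](($pol | Select-String '^PasswordComplexity').ToString().Split('=')[1].Trim())
    if ($minLen -lt 12) {
        $findings += "Minimum password length is $minLen; expected at least 12"
        if ($Apply) { net accounts /minpwlen:12 | Out-Null }
    }
    if ($complex -ne 1) {
        # Complexity cannot be set with 'net accounts'; report it for a secedit/GPO change
        $findings += 'Password complexity requirement is disabled'
    }

    # 3. Remote Desktop: fDenyTSConnections = 1 refuses inbound RDP sessions
    $rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections).fDenyTSConnections
    if ($deny -ne 1) {
        $findings += 'Remote Desktop is enabled (fDenyTSConnections is not 1)'
        if ($Apply) {
            Set-ItemProperty -Path $rdpKey -Name fDenyTSConnections -Value 1
            Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        }
    }
    return $findings
}

$result = @(Test-PosHardening -Apply:$Apply)
if ($result.Count -eq 0) { 'All three controls are in place.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

Run it without `-Apply` first to see what would change; applying the RDP change cuts off any remote administration that relies on it.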
