GlitchPOS

Posted: March 18, 2019

GlitchPOS Description

GlitchPOS is a Point-of-Sale Trojan, a form of spyware that collects credit card details from businesses' transaction-processing machines. GlitchPOS uses packing and misleading internal data to disguise itself from security solutions and shows no substantial symptoms while it is active. Let your anti-malware tools monitor the system for changes and remove GlitchPOS as appropriate; meanwhile, customers with suspected data breaches should cancel their cards as soon as possible.

Point-of-Sale Problems Making a Return

The threat actor previously involved in running the DiamondFox botnet is switching to a new type of threatening software: a dedicated Point-of-Sale Trojan. His product, GlitchPOS, recycles some of the user interface of the previous botnet but none of its PoS features, and is effectively an independent work. Besides having the option of running his private campaigns for collecting transaction information, the author, 'Edbitss,' is selling various options for the Trojan to other criminals on Black Hat software websites.

GlitchPOS's installer relies on two defenses against security software: UPX packing and an internal function implying that it's a simple game (which never appears for the user, post-installation). Once it's active, the Windows Trojan scrapes memory for credit card details that it can upload to the threat actor, who monitors the situation and sends commands through a control panel. While malware experts note that GlitchPOS's payload scope is narrow, the program includes the traditional, useful features, such as XOR encryption for its C&C communications, optional updating of various parameters like which processes it excludes, and a self-uninstaller.

GlitchPOS's current business model depends on criminals who buy either a prebuilt variant of the spyware or (for a higher price) the Trojan-making toolkit and distribute it to new targets at their pleasure. This mode of operation, not too different from the Ransomware-as-a-Service (RaaS) industry, leaves many infection strategies open to possible abuse. Businesses should install appropriate security solutions and monitor physical access to PoS machines while maintaining strict guidelines regarding e-mail interactions for workplace addresses.

A Glitch in this Spyware's Business Model

GlitchPOS is too new to have much of a claim to fame, but its history already includes an odd data point: the attempted theft of the brand from Edbitss by another criminal. The second individual is selling GlitchPOS, with the same options at higher prices, on similar underground forums. Whether this threat actor bought GlitchPOS or gained access to its code in another way isn't known yet, but it could do more to help the product's circulation, along with showing that there's no honor among thieves.

Customers who are affected by GlitchPOS will see no signs of the compromise until the threat actors begin abusing the data or selling it to third parties who do the same. Businesses should, however, notify their customers of security breaches and recommend canceling all exposed cards immediately and rolling back any fraudulent charges, if pertinent. Traditional anti-malware tools should remain appropriate for blocking the installation of the threat or removing GlitchPOS after the install routine, although its payload has little relevance to home PC users.

Point-of-Sale Trojans are not as numerous as in past years and are readily forgotten next to more bombastic threats, like Trojans wielding encryption for ransoming files. Down isn't out, however, and GlitchPOS clearly shows that businesses need to maintain a reasonable minimum of security.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to GlitchPOS may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
