
MajikPOS

Posted: November 28, 2019

MajikPOS is a Point-of-Sale or PoS Trojan that collects credit card information from the machines it infects. MajikPOS often takes advantage of insecure network and account settings during installation and arrives alongside other threats, such as RATs. Appropriate anti-malware tools should detect and delete MajikPOS as soon as possible to limit the theft of customer data.

The Magic of the Art of Theft

PoS Trojans, although chip-based card technology is slowly making them less profitable, are far from extinct. MajikPOS offers an average example of a successful PoS Trojan campaign from 2017, using many of the tools and strategies that are, today, so familiar as to be almost passé. This .NET-language Windows Trojan offers insight into the helping hands a Trojan relies on for accessing a system, remaining hidden, and acquiring its goal: credit card credentials.

Although modularity is almost the default for most major threat families nowadays, it was more novel in MajikPOS's time. MajikPOS's use of modules for its RAM-scraping feature limits interdependencies and gives its administrators additional options for escalating or constraining infections. Like most competent Trojans, MajikPOS also uses encryption to hide its identity from automated security products and Windows system file names to hide its components from the average user's eyes.

While malware experts confirm that MajikPOS cannot collect data from chip-based cards, it provides ample support for snatching magnetic-stripe card credentials out of memory. This feature affects most major card brands, such as American Express, Discover, and Visa, as well as more niche ones like Diners Club. After collecting the data, MajikPOS transfers it to a C&C server, and the criminals sell it on another server, for as little as nine dollars per track.

Turning the Magical into the Mundane

MajikPOS's threat actors depend on a variety of security mistakes by their victims to get into PoS systems. They may brute-force passwords, hunt down PCs with open ports via port scanners, or use administrative features like RDP. In some infections, malware researchers also confirm the use of the AMMYY RAT or FlawedAmmyy as a remote-control tool.

The risk of compromise for other systems on the local network is high, and users should isolate infected PCs as soon as possible. To prevent attacks in the first place, they can use complex passwords for their logins, update software to close off vulnerabilities, and use secure configurations for firewalls and ports. Workers should also be careful with e-mail attachments, given how often e-mail tactics are used to compromise businesses.
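The entry routes above (password brute-forcing and exposed RDP) leave a recognisable trail in the Windows Security log: a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a success (event 4624) from the same address. The detector below is an added example for this page, not part of any MajikPOS analysis or a vendor product. It assumes the events have already been flattened into one-line records of the form `<timestamp> EventID=... LogonType=... TargetUser=... SourceIP=...`; that line format, the threshold of five failures in two minutes, and the sample log lines are all constructed here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed one-line record format (assumed produced by a log forwarder, not raw EVTX).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)

FAILED_LOGON = "4625"       # Windows Security: an account failed to log on
SUCCESS_LOGON = "4624"      # Windows Security: an account was successfully logged on
REMOTE_INTERACTIVE = "10"   # Logon type 10 = RemoteInteractive (RDP)


def parse(line: str):
    """Parse one flattened record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_rdp_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(minutes=2)) -> list:
    """Sliding-window detector over RDP logon events.

    Raises 'rdp_bruteforce' once per source IP when it reaches `threshold` failed RDP
    logons inside `window`, and 'rdp_success_after_bruteforce' for any successful RDP
    logon from an IP that still has a full burst of failures inside the window.
    """
    alerts = []
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    already_flagged = set()
    for line in lines:
        ev = parse(line)
        if ev is None or ev["ltype"] != REMOTE_INTERACTIVE:
            continue              # ignore malformed lines and non-RDP logons
        ip, ts = ev["ip"], ev["ts"]
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()    # expire failures that fell out of the window
        if ev["eid"] == FAILED_LOGON:
            failures.append(ts)
            if len(failures) >= threshold and ip not in already_flagged:
                already_flagged.add(ip)
                alerts.append({"type": "rdp_bruteforce", "ip": ip,
                               "failures": len(failures), "at": ts.isoformat()})
        elif ev["eid"] == SUCCESS_LOGON and len(failures) >= threshold:
            alerts.append({"type": "rdp_success_after_bruteforce", "ip": ip,
                           "user": ev["user"], "at": ts.isoformat()})
    return alerts


# Constructed sample log: one address hammers the Administrator account over RDP and then
# gets in; a second address has two harmless typos; one failure is a local (type 2) logon.
SAMPLE_LOG = """
2019-11-28T10:00:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
2019-11-28T10:00:10Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
2019-11-28T10:00:12Z EventID=4625 LogonType=10 TargetUser=cashier1 SourceIP=198.51.100.7
2019-11-28T10:00:20Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
2019-11-28T10:00:30Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
2019-11-28T10:00:31Z EventID=4625 LogonType=2 TargetUser=cashier2 SourceIP=127.0.0.1
2019-11-28T10:00:40Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
2019-11-28T10:00:45Z EventID=4625 LogonType=10 TargetUser=cashier1 SourceIP=198.51.100.7
2019-11-28T10:00:50Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
2019-11-28T10:00:55Z EventID=4624 LogonType=10 TargetUser=cashier1 SourceIP=198.51.100.7
2019-11-28T10:01:05Z EventID=4624 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.10
this line is not a logon record
""".strip().splitlines()

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

The second alert type is the one worth paging on: a burst of failures followed by a success from the same address is the signature of a guessed password, and it is the moment to isolate the host, as the text advises, rather than wait for the PoS process to start leaking track data.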

Between Remote Access Trojans and accidental 'helping hands' from the people they're attacking, MajikPOS has multiple ways of sneaking into any business's Point-of-Sale hardware. The best bet for preventing that, or the more modern equivalent of this PoS Trojan's campaign, is minding one's security practices.
