
ModPipe Malware

Posted: November 13, 2020

The ModPipe Malware is a targeted threat aimed at Point-of-Sale (PoS) devices, primarily those used in the hospitality sector. PoS malware often goes after countries with laxer security practices, but the ModPipe Malware's authors appear to have picked a high-value target: the malware looks for devices running the Oracle MICROS Restaurant Enterprise Series (RES) 3700 software, a package that is especially common in hotels and restaurants operating in the United States.

PoS Malware Targets the US Hospitality Sector

Malware targeting point-of-sale devices usually works in a predictable way. It monitors specific process names and services, then scrapes card numbers, expiration dates and cardholder names out of the memory of the payment application (so-called RAM scraping). This is a noisy technique, because the malware has to keep reading other processes' memory, and security products have learned to spot it. The ModPipe Malware, on the other hand, shows no obvious interest in scraping card numbers, names and dates from memory. Instead, it does something whose exact purpose is not yet clear. Once it has infiltrated a PoS device running Oracle's RES 3700 suite, it goes after the RES database passwords, which it extracts from the Windows Registry and decrypts. This does not immediately give the attackers much to work with: with those passwords they could access transaction records, configuration data and other content of limited value, but none of the ModPipe Malware samples analyzed so far attempt to collect payment card data of any kind.
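The following is an added example, not code from the original page and not related to the ModPipe Malware itself. It illustrates the conventional PoS technique the paragraph above contrasts ModPipe with: scanning a buffer of process memory for magnetic-stripe Track 1 and Track 2 data (layouts as defined in ISO/IEC 7813) and discarding random digit runs with a Luhn check. The same matching that a RAM scraper performs is what a defender runs over a memory dump to find out whether card data was exposed. The memory buffer here is constructed for the example and uses a well-known test card number; the regular expressions and field names are my own choices, not taken from any particular malware family.

```python
import re

# Track 1 (format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
# Track 2:            ;<PAN>=<YYMM><service code><discretionary>?
# A RAM scraper searches process memory for exactly these byte patterns.
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z /.'-]{2,26})\^(\d{4})(\d{3})[^?]{0,100}\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]{0,30}\?")


def luhn_ok(pan: bytes) -> bool:
    """Mod-10 (Luhn) check on an ASCII digit string; used to drop false matches."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 0x30            # ASCII digit -> int
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: bytes) -> str:
    """Keep only BIN and last four digits so a report never stores a full PAN."""
    s = pan.decode("ascii")
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def scan_buffer(buf: bytes) -> list:
    """Return every Luhn-valid Track 1/Track 2 record found in buf, with offsets."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan, name, exp, svc = m.group(1), m.group(2), m.group(3), m.group(4)
        if luhn_ok(pan):
            hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                         "name": name.decode("ascii").strip(),
                         "expiry": exp.decode("ascii"), "service_code": svc.decode("ascii")})
    for m in TRACK2_RE.finditer(buf):
        pan, exp, svc = m.group(1), m.group(2), m.group(3)
        if luhn_ok(pan):
            hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                         "expiry": exp.decode("ascii"), "service_code": svc.decode("ascii")})
    return hits


# Constructed sample "memory" for the example: one Track 1 and one Track 2 record
# with the Visa test number 4111111111111111, plus a digit run that fails Luhn.
SAMPLE_MEMORY = (
    b"\x00\x00MSR_READ\x00"
    b"%B4111111111111111^DOE/JOHN^25121011000000000000?"
    b"\x00\x00\x00"
    b";4111111111111111=25121011000000000000?"
    b"\x00log: ;1234567890123456=2512101?\x00"   # looks like Track 2 but fails Luhn
    b"\x00"
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_MEMORY):
        print(hit)
```

Run on a real process dump (for example one produced by procdump), the scanner reports where in memory plaintext track data sat; the masked PAN is enough to confirm exposure without the report itself becoming cardholder data.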

The targeted approach the ModPipe Malware takes, down to knowing where RES 3700 stores its database credentials and how to decrypt them, shows that its authors are well-versed in the inner workings of Oracle's RES 3700. So far, the majority of the ModPipe Malware's victims appear to be located in the United States, but the infection vector the attackers use has not been identified.

The ModPipe Malware is clearly not the work of inexperienced cybercriminals, but its true purpose remains unknown. It is possible that the attackers are still testing their tool and have yet to add a final component for extracting data from compromised PoS devices.
