
Cisco unearths persistent & elusive PoS malware

Poseidon shows hackers are becoming more devious.

By Jimmy Nicholls

Point-of-sale (PoS) units are being targeted by persistent and elusive malware, according to the networking firm Cisco.

Nicknamed Poseidon, the virus family improves on previous PoS malware with the ability to survive possible system reboots and the use of several techniques to avoid detection.

Talos, a threat research unit within Cisco, said: "Incidents involving PoS malware have been on the rise, affecting many large organisations as well as small mom-and-pop establishments and garnering a lot of media attention.

"The presence of large amounts of financial and personal information ensures that these companies and their retail PoS systems will remain attractive targets."

Once installed on a system, Poseidon establishes contact with a command and control (C&C) server to download further malicious material, which includes a keylogger that scans the PoS system for credit card numbers.

When these are found, the malware encodes both the keystrokes and the numbers before sending them to an exfiltration server, where they become available for hackers to exploit or sell on.

Analysis by Cisco also showed that two of the components in the malware share significant functions, suggesting to the company that the hackers have created software libraries that can be reused across projects.


"As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families," Talos said.

"Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats."
