MultigrainMalware
A new sophisticated point-of-sale or memory-scraping malware called “Multigrain” was discovered on April 17, 2016 by the FireEye Inc. security company.[1][2] Multigrain malware comes under the family of NewposThings Malware. This malware is similar to the NewposThings, FrameworkPOS and BernhardPOS malware which were known previously as notorious malware.[3][4]
Process of Multigrain malware
Multigrain uses the Luhn algorithm to validate the credit and debit card details.[5] This POS malware then infects the computer and blocks Hypertext Transfer Protocol (http) and file transfer protocol (ftp) traffic which monitors the data exfiltration.[6][7] It exfiltrates the scraped information of credit and debit card via Domain Name Server (DNS).[8][9] Then it sends the collected payment card information to a 'command and control server' server.[10][11]
Targets one POS platform
Multigrain targets specifically the Windows point of sale system, which has a multi.exe executable file.[12][13] If Multigrain gets into a POS system that does not have multi.exe then it deletes itself without leaving any trace.[14][15]
See also
References
- "MULTIGRAIN – POINT OF SALE ATTACKERS MAKE AN UNHEALTHY ADDITION TO THE PANTRY"
- "Point of Sales (POS) Evolution to DNS Exfiltration"
- "Multigrain" PoS Malware Exfiltrates Card Data Over DNS"
- "Multigrain PoS malware exfiltrates stolen card data over DNS"
- "New Multigrain Malware Eats Memory, Steals POS Data"
- "Wheat a moment: Multigrain malware uses DNS to steal POS data "
- "PoS Malware Steals Credit Card Numbers via DNS Requests "
- "New point-of-sale malware Multigrain steals card data over DNS "
- "DNS and Stolen Credit Card Numbers"
- "PoS Malware ‘Multigrain’ Steals Credit Card Details via DNS"
- "New PoS Malware Extracts Payment Card Data Over DNS"
- "NewPosThings back as Multigrain, says Fireeye"
- ""MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry"". Archived from the original on 2016-04-22. Retrieved 2016-07-11.
- "Multigrain Malware Targets Multi.Exe Process, Steals and Exfiltrates Data, Pretending as DNS Queries"
- "'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data"