GlitchPOS is Point of Sale (POS) malware. Threats of this kind are designed to infect Point of Sale systems, such as credit card readers and cash registers, to collect credit card numbers and similar information that can be captured at the point where a retail sale takes place. GlitchPOS is distributed online on the Dark Web and is mainly credited to a criminal going by the alias 'Edbitss.' Criminals can purchase GlitchPOS and use it for their own purposes, much as other hacking tools and malware are sold on similar hacker forums and Dark Web sites. GlitchPOS is leased for 250 USD per month. Paying this amount gives the buyer a custom build of GlitchPOS and access to a control panel reached through TOR. The criminals can then deploy GlitchPOS onto Point of Sale devices and business networks through a variety of means and control it from the online control panel.
The GlitchPOS Trojan will Enter Poorly Protected Devices
GlitchPOS is typically installed on devices that are poorly protected, which may include devices that are connected to the Web with weak password protection or that the criminals can access directly. Stores or institutions whose POS networks are not segmented and are poorly secured are also typical targets for threats like GlitchPOS. The purpose of GlitchPOS is to collect customers' information as they make a payment. For example, GlitchPOS collects credit card information directly from the credit card scanners. GlitchPOS can also be used to collect payment information from websites containing online payment portals, taking advantage of poorly implemented payment systems and poor security in general.
How the Criminals Use GlitchPOS to Carry Out Attacks
There are numerous functions that the criminals can carry out using GlitchPOS. GlitchPOS registers any infected device with a Command and Control (C2) server, which is then used to control both the infected device and GlitchPOS itself. The infected device listens for commands from the Command and Control server by connecting through a dedicated network port. GlitchPOS can receive a wide variety of commands, which allow it to update itself, create scheduled tasks, download other malware, or delete itself when there is a risk of detection. Once GlitchPOS has been installed, it hooks into the software used to process payments, allowing it to detect and extract credit card numbers, debit card numbers, online payments, and other information, and to send this private and valuable data to its Command and Control server.
Other Features Linked to GlitchPOS
Apart from collecting payment information, GlitchPOS has several other features. It tracks its own performance, allowing the criminals to keep statistics by country, IP address and device ID. It can infect most versions of Windows, going back to Windows XP, on both x64 and x86 devices. GlitchPOS can also collect passwords and login information for a variety of software and platforms, including the Web browsers Mozilla Firefox, Yandex Browser, Google Chrome, Internet Explorer and Opera; the FTP program FileZilla; and instant messaging and email software such as Yahoo Messenger, ICQ Lite, Thunderbird, Eudora, IncrediMail, Microsoft Outlook, Outlook Express, Gmail, Google Talk, Trillian and Digsby. GlitchPOS can be used to steal digital currency, targeting wallets for Electrum, BitcoinDark, Armory, Namecoin, PPCoin, Feathercoin, NovaCoin, Devcoin, Anoncoin, DashCoin, Bitcoin, Litecoin and several others.
Protecting Your Devices from Threats Like GlitchPOS
Administrators and businesses using POS systems must take steps to ensure that their customers' private data is safe. It is fundamental that security monitoring is continuous, that strong passwords are used, and that every possible entryway into the network is properly secured. It is also necessary to combine security software with human monitoring to ensure that threats like GlitchPOS cannot be deployed.
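One concrete form of the monitoring described above, and of the exfiltration behaviour described in the Command and Control section, is to watch outbound traffic from the POS segment for Luhn-valid card numbers heading somewhere other than the payment processor. The following is an added example written for this article, not code from the article or from the malware; the host names, the allowed destination and the sample flows are constructed, and the card numbers are standard test numbers.

```python
"""Added example (not from the original article): flag outbound payloads
from POS hosts that carry Luhn-valid card numbers, the kind of data a POS
scraper such as GlitchPOS sends to its C2 server. Host names, sample
payloads and the allowed destination are constructed for this demo."""
import re
from dataclasses import dataclass

# Candidate primary account numbers: 13-19 digits, optional space/dash separators.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed: the only destination a POS host should send card data to.
ALLOWED_DESTS = {"processor.example.net"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts down false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PANs found in text, separators stripped."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Alert:
    host: str
    dest: str
    pan_count: int


def scan_flows(flows: list[tuple[str, str, str]]) -> list[Alert]:
    """flows: (src_host, dest_host, payload). Alert when card data leaves a
    POS host toward a destination that is not the expected processor."""
    alerts = []
    for src, dest, payload in flows:
        pans = find_pans(payload)
        if pans and dest not in ALLOWED_DESTS:
            alerts.append(Alert(src, dest, len(pans)))
    return alerts


# Constructed sample flows (test card numbers, not real cards).
SAMPLE_FLOWS = [
    ("pos-01", "processor.example.net", "auth pan=4111111111111111 exp=1226"),
    ("pos-02", "203.0.113.7", "id=pos-02;cc=4111 1111 1111 1111;cc=5500000000000004"),
    ("pos-03", "203.0.113.7", "heartbeat seq=1234567890123456"),
]
```

Only the second flow raises an alert: the first goes to the expected processor, and the third carries a digit run that fails the Luhn check.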