Loup Malware Description
According to the cybersecurity researchers who analyzed it, the Loup Malware appears to be either a proof-of-concept build or a test version ahead of an actual malware release in the future. Nevertheless, even at this stage, the Trojan can be misused to compromise and cash out ATM and NCR devices.
The Loup Malware injects its code into the kernel32 application, after which it performs several checks. First, it checks whether XFS (Extensions for Financial Services) is present on the infected device. Then it makes sure that the two targeted currencies (Egyptian Pound or Pound Sterling) are available. The Loup Malware also has the functionality to exfiltrate data, as it looks up details on the service provider of the compromised device.
The Loup Malware may be designed to target Egyptian devices. This is evidenced specifically by the currency check and by the fact that the sample of the malware detected by the security researchers was uploaded from Egypt.