PoSeidon

PoSeidon Description

PoSeidon is a PoS malware family that is very popular in the world of cybercrime. This malware family is known to have been involved in attacks that have affected thousands upon thousands of users around the world. Despite cybersecurity tools getting better at detecting and removing PoS malware, this threat does not seem to be going extinct. Instead, cybercriminals get ever more creative and cunning in their techniques.

It has not been confirmed what the propagation method of PoSeidon is, but it is speculated that the attackers either may be exploiting software vulnerabilities or employing corrupted USB flash drives. PoSeidon also is capable of recording keystrokes. The keylogger component will first access the Windows Registry and look for keys related to 'LogMeIn Ignition' - a popular piece of remote desktop software. If it finds a match, it would browse the saved profiles and attempt to retrieve the user's email address from there. Once it completes this step, it wipes out the saved LogMeIn profiles, therefore ensuring that the users will need to enter their password manually the next time they use the software.

Despite its keylogger capabilities, as a PoS malware, the main goal of PoSeidon is to collect credit card data. It does this by scanning the processes that are being run alongside the memory. To save time and effort, the creators of PoSeidon have programmed it only to record strings, which contain 15 digits and start with 3, and 16 digits which start with 4, 5, or 6 as these indicate that this is a Mastercard, Discover, AMEX or Visa card. Then, the data collected is run through the Luhn Algorithm, which is used to confirm the validity of credit cards. The data that passes through this test successfully, it is then sent to the attackers' remote servers. These servers have been confirmed to be hosted in Russia.

Despite the best efforts of malware researchers, PoS malware is still quite popular and claims thousands of victims yearly. Businesses need to keep close attention to their cybersecurity as they are dealing with the sensitive data of their clients who have trusted them with it.