By CagedTech in Malware

FIN8 is a hacking group that has been active for several years and has conducted a number of operations around the globe, mainly targeting financial institutions. The group maintains a constantly evolving arsenal of hacking tools and often combines two or more of them in a single campaign. In one of their most recent campaigns, the BADHATCH backdoor Trojan was used to give the more damaging PoSlurp malware access to the infected host; PoSlurp is built to target PoS (Point-of-Sale) devices. Its purpose is to collect financial information that may be present on the compromised system.

Collects Credit Card Data

The malicious code of the PoSlurp malware does not run in a separate process; instead, the attackers inject it into legitimate Windows processes. Once running, PoSlurp looks for credit card information that could be present on the system. It can locate financial details saved on the PC before the attack, and it can also detect new card details as the user enters them, which it does by scanning the system's RAM in real time. Like most malware that targets credit card information, PoSlurp uses the Luhn algorithm to confirm that the digit strings it finds are plausible card numbers.
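The Luhn check mentioned above is a plain mod-10 checksum, so it only tells a scanner (malicious or defensive, such as a DLP rule) that a digit run is *shaped* like a card number. The following added example, which is not code from the article or from any FIN8 tooling, implements the check and shows two things a defender should keep in mind: roughly one in ten random digit runs passes it, and a passing check digit is trivial to compute, so Luhn validity is a filter, not evidence. The card numbers used are constructed test values, not real accounts.

```python
# Added example: Luhn (mod 10) checksum and its limits as a card-number filter.
# All numbers below are constructed test values.

def luhn_valid(number: str) -> bool:
    """True if the digit string passes the Luhn checksum (non-digits ignored)."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit; every second digit from the right is doubled,
    # and doubled values above 9 have 9 subtracted (same as summing their digits).
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def luhn_check_digit(partial: str) -> str:
    """Compute the check digit that makes partial + digit Luhn-valid."""
    for candidate in "0123456789":
        if luhn_valid(partial + candidate):
            return candidate
    raise ValueError("no check digit found (input has no digits)")


def luhn_pass_rate(prefix: str, width: int) -> float:
    """Fraction of all `width`-digit suffixes of `prefix` that pass Luhn.

    Illustrates why a Luhn hit alone is a weak signal: for any fixed prefix,
    exactly one of the ten possible last digits passes, so 10% of arbitrary
    digit runs of card length look 'valid'.
    """
    passed = sum(
        luhn_valid(prefix + str(n).zfill(width)) for n in range(10 ** width)
    )
    return passed / (10 ** width)


if __name__ == "__main__":
    test_pan = "4111111111111111"  # widely used Visa-format test number
    print(test_pan, luhn_valid(test_pan))                 # True
    print("single-digit error:", luhn_valid("4111111111111112"))  # False
    print("pass rate over 10,000 random suffixes:",
          luhn_pass_rate("411111111111", 4))              # 0.1
```

Detection or DLP logic built on this check therefore needs extra context (field length, issuer prefix ranges, where in memory or in a file the run appears) before a Luhn-valid digit run should be treated as cardholder data.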

Other Capabilities

Apart from stealing credit card information, the PoSlurp malware is also able to:

  • Execute remote commands.
  • Browse files.
  • Access log files.
  • Modify log files.
  • Wipe out log files.

The FIN8 hacking group keeps updating its tools in an effort to stay one step ahead of cybersecurity experts. Running a legitimate anti-malware application is crucial for the safety of your system. In addition, keep in mind that all the software on your PC must be updated regularly, so that known vulnerabilities cannot be used against you by cybercriminals like the FIN8 hacking group.
