ShellTea

By GoldSparrow in Trojans

PoS (Point-of-Sale) malware is a rather direct method of stealing cash and is preferred by some cybercriminals and hacking groups. This threat works by infiltrating a PoS machine and collecting the sensitive data of the credit cards it processes. Often, the cyber crooks target the hotel industry. High-end hotels are the most sought-after victims, as they are likely to deal with rich clients with fat bank accounts. FIN8 is a hacking group known for having an appetite for this kind of cybercrime. The last campaign of the FIN8 group was spotted back in 2017, when they employed the PunchBuggy and ShellTea backdoors in an attack targeting the hospitality sector.

It was speculated that the FIN8 hacking group might have dissolved, because they had been inactive since 2017. However, it turned out that the FIN8 group is alive and well. This hacking group recently reemerged with a new attack targeting the hotel industry. It is believed that the infection vector employed by the FIN8 hacking group is spear-phishing emails containing a corrupted payload, which carries an updated variant of the ShellTea malware. Luckily, the target managed to intercept the attack and stopped it before any real damage was done. Despite the FIN8 hacking group's failure to complete the attack, malware experts believe it is likely that they were attempting to plant PoS malware once again.

If the ShellTea backdoor penetrates a system successfully, the attackers will be able to use the PowerShell tool to execute commands, download more files onto the compromised host, and control the processes that are running on it. Usually, threats like the ShellTea malware are difficult to spot because they carry out their unsafe activity stealthily, and the victim may remain unaware of the threat's presence for quite a while.

Despite this failed attempt, it is likely that the FIN8 hacking group will try their luck again in the future. Even while they appeared inactive, the FIN8 group did not remain idle and continued improving the hacking tools in their arsenal. This is why businesses and government entities cannot afford to overlook their cybersecurity and need to stay informed and follow the latest best practices for online security.
