Trojan.POSRAM

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 2,871
Threat Level: 10 % (Normal)
Infected Computers: 5,880
First Seen: April 10, 2014
Last Seen: September 19, 2023
OS(es) Affected: Windows

Trojan.POSRAM is a threat tool that was part of the highly publicized attack on Target and other companies around the world. Trojan.POSRAM scrapes the infected computer's memory to obtain credit card data directly from the computers at the point of sale. After obtaining this information, Trojan.POSRAM sends it to a remote server, where it may later be retrieved and used to pilfer money, carry out fraudulent purchases and operations, and commit identity theft.

Trojan.POSRAM Gathers Sensitive Data from the PC's Memory

Trojan.POSRAM's code is heavily based on BlackPOS, a similar threat that was developed in Russia last year. However, Trojan.POSRAM was designed to evade detection by security programs. The main concern in the development of Trojan.POSRAM was to reuse BlackPOS' memory-scraping techniques while customizing Trojan.POSRAM heavily enough that it would be nearly impossible to detect. It is now almost certain that the threat used to attack Neiman Marcus and Target, now known as Trojan.POSRAM, was based on BlackPOS.

It is important to note that Trojan.POSRAM was not alone in these attacks. These sophisticated attacks also required a large number of different threat components to gain access to the compromised networks, stay on them undetected, and relay the stolen data to a remote server. Trojan.POSRAM's own job is to monitor the portions of memory used by payment programs in order to extract credit card data. Programs like Pos.exe and PosW32.exe extract and process the data on credit and debit card magnetic stripes. Although this data is usually transmitted over secure channels, it may still be grabbed from memory by a threat like Trojan.POSRAM.

Even though Trojan.POSRAM is particularly sophisticated, the real complexity in this attack lies in the attackers' ability to orchestrate and coordinate the numerous components involved. By monitoring the time on the infected computers, third parties could then take the data extracted by Trojan.POSRAM and store it in a specific location. They could then use FTP to transfer it to their own servers for their own use.
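
As an added example (not part of the original entry or any vendor's code), the two behaviours described above, reading the memory of Pos.exe/PosW32.exe and moving staged data out over FTP, can be watched for in Sysmon-style process-access (Event ID 10) and network-connection (Event ID 3) events. The sample events, the allowlist, and every path and address other than the two POS program names are constructed assumptions.

```python
# Added example: detection logic over constructed Sysmon-style events (not real telemetry).
PROCESS_VM_READ = 0x0010                   # Windows access right required to read another process's memory
POS_PROCESSES = {"pos.exe", "posw32.exe"}  # payment programs named in the article
# Assumption: programs this site expects to read POS process memory (hypothetical allowlist).
ALLOWED_READERS = {r"c:\program files\av\scanner.exe"}
FTP_PORT = 21

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_event(ev):
    """Return an alert string for a suspicious event, or None."""
    if ev["EventID"] == 10:  # Sysmon ProcessAccess
        target = basename(ev["TargetImage"])
        access = int(ev["GrantedAccess"], 16)
        if (target in POS_PROCESSES and access & PROCESS_VM_READ
                and ev["SourceImage"].lower() not in ALLOWED_READERS):
            return f"memory read of {target} by {ev['SourceImage']}"
    elif ev["EventID"] == 3:  # Sysmon NetworkConnect
        # A POS terminal has no routine reason to open an FTP control channel.
        if int(ev["DestinationPort"]) == FTP_PORT:
            return f"outbound FTP from {ev['Image']} to {ev['DestinationIp']}"
    return None

def scan(events):
    """Run every event through check_event and keep the alerts."""
    return [alert for alert in map(check_event, events) if alert]

# Constructed sample events; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Program Files\AV\scanner.exe",
     "TargetImage": r"C:\POS\Pos.exe", "GrantedAccess": "0x1410"},   # allowlisted reader
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\svc_helper.exe",
     "TargetImage": r"C:\POS\PosW32.exe", "GrantedAccess": "0x0010"},  # unknown reader
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\svc_helper.exe",
     "TargetImage": r"C:\POS\Pos.exe", "GrantedAccess": "0x1000"},   # query only, no VM read
    {"EventID": 3, "Image": r"C:\Windows\System32\ftp.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "21"},
    {"EventID": 3, "Image": r"C:\POS\Pos.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("ALERT:", alert)
```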