RtPOS Malware

A new point-of-sale (PoS) malware has been discovered by security researchers at Booz Allen Hamilton. Dubbed RtPOS, the malware’s primary function is to monitor a PC’s RAM for text patterns indicative of payment card numbers and, if found, save them to a local DAT file. Unlike other PoS malware, RtPOS does not contain any networking features and, therefore, has no exfiltration capability to send the gathered information to a command-and-control (C2) server, leaving all collected data stored on the infected system. This behavior leads researchers to believe that RtPOS is still in development or may be used as a post-compromise tool as part of a larger campaign. The NJCCIC recommends that all administrators of PoS systems review the Booz Allen Hamilton report on RtPOS. Additionally, administrators are advised to implement endpoint protection on all PoS systems to help protect against malware like RtPOS.
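Because RtPOS leaves what it collects on the infected system, one hunting check is to sweep PoS disks for files that hold several Luhn-valid card-number strings. The Python below is an added example, not taken from the NJCCIC alert or the Booz Allen Hamilton report; it assumes the saved data is plain ASCII digits (the DAT file's actual format is not described here), and the function names, threshold and sample data are illustrative.

```python
import re
from pathlib import Path

# Candidate PAN: 13-19 ASCII digits not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """True if an ASCII digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII '0' is 48
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_candidates(data: bytes) -> int:
    """Number of distinct Luhn-valid, card-number-like strings in a buffer."""
    hits = {m.group() for m in PAN_RE.finditer(data) if luhn_ok(m.group())}
    # Single-digit runs such as all zeros pass Luhn trivially; drop them.
    return sum(1 for h in hits if len(set(h)) > 1)

def scan_tree(root, threshold=3, max_bytes=16 * 1024 * 1024):
    """Return files under root holding at least `threshold` distinct candidates."""
    flagged = []
    for path in sorted(Path(root).rglob("*")):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            if count_candidates(path.read_bytes()) >= threshold:
                flagged.append(path)
        except OSError:
            continue                     # locked or unreadable file: skip, keep scanning
    return flagged

# Constructed sample: published test card numbers, not real account data.
SAMPLE_DUMP = b"4111111111111111\r\n5555555555554444\r\n378282246310005\r\n"
# Constructed benign file: a single order ID that happens to pass Luhn.
SAMPLE_LOG = b"order=4111111111111111 status=ok\n"
```

A flagged file is a lead for review rather than a verdict, since legitimate PoS software may also write card-like strings; the threshold of three distinct values is an assumption to tune per environment.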
