New GlitchPoS Malware Targets Point-of-Sale Terminals

Cisco Talos recently discovered Glitch PoS (Point-of-Sale) malware available for purchase on a crimeware forum. The payload is small, containing only a few functions, and will connect to a command and control (C2) server which sends instructions to the malware. PoS malware is generally deployed on retailers' websites and retail PoS terminals with the goal of tracking customer payment information. Threat actors may use this malware to obtain credit card numbers and immediately sell this information to other potential threat actors or seek personal financial gain. PoS terminals are often overlooked as security risks, and have become a soft target for threat actors. The developer of GlitchPoS is also assessed to have been the creator of DiamondFox L!NK botnet used in the 2015-2017 attacks. The NJCCIC recommends businesses using PoS software implement network security appliances, malware protection, and secure internet gateways that can detect malicious activity.