According to a Thursday post by Jay Yaneza, a researcher with Trend Micro, there is a new point-of-sale (POS) malware threat making the rounds. Identified as GamaPoS, the spam campaign involves the Andromeda botnet.

The method of infection involves sending out mass phishing emails containing macro-based malware attachments or links to compromised websites hosting exploit kits. The idea is to distribute as many Andromeda backdoors as possible in the hopes of catching some POS systems and infecting them with GamaPoS.

Yaneza said: “Note that just [fewer than] four percent of those affected by Andromeda were affected by GamaPoS. The domains involved were registered on May 2 and the campaign spun up starting May 6 and was running through mid-July.”

Those infected include consumer electronics companies, furniture wholesalers, restaurants, home healthcare groups and various other organizations in 13 U.S. states, including California, Colorado, Florida, New York, South Carolina and Texas.

It should be noted that GamaPoS is the first POS malware that is coded using the .NET framework.

“We can attribute this development to the fact that it is easier to create malware in the .NET platform and, now that Microsoft made it available as an open-source platform, more developers are expected to use it for their applications,” Yaneza wrote. “This makes .NET a viable platform to use for attacks.”

As usual, employers are reminded to inform employees about spam email.

Source: SCMagazine