New malware combines banking trojan and POS malware

June 5, 2014

The market for POS malware has grown significantly following the spectacular successes in stealing credit card data during 2013 and 2014. Arbor Networks reports on the Soraya malware, which incorporates features of two popular malware families. It serves as a banking trojan, intercepting data from web forms, and at the same time is able to scrape the memory of the infected device for any credit card data. The malware injects itself into various Windows processes, including explorer.exe, and ensures its persistence by adding a new key to the registry. It hooks particular commands of web browsers to exfiltrate web form data, and it checks running processes every 5 seconds to scan the memory for credit card data. Arbor Networks believes that Soraya has stolen data from thousands of credit cards, mainly from the USA, Canada and, interestingly, Costa Rica.

