Multigrain Malware

From Wikipedia, the free encyclopedia

Multigrain is a point-of-sale (POS) memory-scraping malware discovered on April 17, 2016 by the security company FireEye Inc.[1][2] It belongs to the NewPosThings malware family and is similar to the previously known NewPosThings, FrameworkPOS and BernhardPOS malware.[3][4]

Process of Multigrain malware


Multigrain uses the Luhn algorithm to validate the credit and debit card numbers it scrapes from memory.[5] Instead of relying on Hypertext Transfer Protocol (HTTP) or File Transfer Protocol (FTP) traffic, which is commonly blocked or monitored on POS networks, it exfiltrates the scraped card data through Domain Name System (DNS) queries.[6][7][8][9] The collected payment card information is thereby delivered to a command and control server.[10][11]
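As an added, defender-side example (not code from the article or from FireEye's report), the following shows the Luhn check mentioned above, which is the same check a DLP or memory-inspection tool uses to recognise card numbers, together with a simple heuristic for spotting the long, high-entropy query names that a DNS-based exfiltration channel produces. The log lines, field layout and thresholds are constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample DNS query log, "timestamp client qname" (not real data).
SAMPLE_DNS_LOG = """\
2016-04-17T10:00:01 10.0.0.5 www.example.com
2016-04-17T10:00:02 10.0.0.5 mail.example.com
2016-04-17T10:00:03 10.0.0.7 a3f9k2m8q1z7x4c6v8b2n5h7j9l1p3r5t7w9y1u3.update.example.net
2016-04-17T10:00:04 10.0.0.7 q8w2e4r6t8y0u2i4o6p8a1s3d5f7g9h1j3k5l7z9.update.example.net
"""


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by payment cards."""
    if not digits.isdigit() or len(digits) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def label_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    counts = Counter(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_query(qname: str, max_label: int = 30, min_entropy: float = 3.5) -> bool:
    """Flag a query whose leftmost label is unusually long and high-entropy.

    Thresholds are assumed starting points; tune them against a baseline of
    normal traffic for the network being monitored.
    """
    first = qname.split(".")[0]
    return len(first) > max_label and label_entropy(first) >= min_entropy


def flag_dns_log(log: str) -> list[str]:
    """Return the query names in the log that look like tunnelled payloads."""
    flagged = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and suspicious_query(parts[2]):
            flagged.append(parts[2])
    return flagged
```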

Targets one POS platform


Multigrain specifically targets Windows point-of-sale systems that run a process named multi.exe.[12][13] If it lands on a POS system that does not have multi.exe, it deletes itself without leaving any trace.[14][15]


References

  1. "MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry". FireEye.
  2. "Point of Sales (POS) Evolution to DNS Exfiltration" (PDF).
  3. ""Multigrain" PoS Malware Exfiltrates Card Data Over DNS". SecurityWeek.Com. 20 April 2016.
  4. "Multigrain PoS malware exfiltrates stolen card data over DNS". Security Affairs. April 20, 2016.
  5. "New Multigrain Malware steals Point of Sale Data Over DNS".
  6. "Wheat a moment: Multigrain malware uses DNS to steal POS data".
  7. Cimpanu, Catalin (19 April 2016). "PoS Malware Steals Credit Card Numbers via DNS Requests". Softpedia.
  8. Constantin, Lucian (April 20, 2016). "New point-of-sale malware Multigrain steals card data over DNS". Computerworld.
  9. "DNS and Stolen Credit Card Numbers". CircleID.
  10. Stoyanov, Daniel (April 21, 2016). "PoS Malware 'Multigrain' Steals Credit Card Details via DNS".
  11. "SASE Solution - Secure Access Service Edge". Fortinet.
  12. Chirgwin, Richard. "VXers pass stolen card data over DNS". The Register.
  13. "MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry". Archived from the original on 2016-04-22. Retrieved 2016-07-11.
  14. "Multigrain Malware Targets Multi.Exe Process, Steals and Exfiltrates Data, Pretending as DNS Queries". SpamFighter.
  15. "Article 29 Working Party still not happy with Windows 10 privacy controls". SC Media. February 28, 2017.