FIN8 Group Returns, Targeting POS Devices With Malware

After a two-year absence, the hacking group known as FIN8 has returned with a new campaign mainly targeting point-of-sale machines in the hotel industry in an effort to steal credit card and other payment data, according to new research.

As with previous hacking attempts, this new attack started with a spear-phishing campaign that would allow the FIN8 group to install the ShellTea malware backdoor into a victim’s network in an effort to steal data from POS devices, according to security firm Morphisec.

In a blog post published Monday, Morphisec CTO Michael Gorelik writes that his firm was able to stop the March attack before any data was taken. An analysis of the incident at the unnamed hotel chain led Gorelik to conclude with “high probability” that it was the work of the FIN8 group.

While FIN8 used the same ShellTea backdoor as in previous campaigns, Gorelik notes that the group made several changes to the malware to help it evade detection and other security controls. Additionally, the use of the backdoor could mean that the hacking group planned to maintain its presence within the network for purposes beyond stealing credit card and other financial data.

“At least one of the machines wasn’t POS at all, so it wasn’t clear why the backdoor existed there, besides going back to the assumption that this code may be reused to deliver something else,” Gorelik tells Information Security Media Group.

“This backdoor implant is very effective in bypassing behavior solutions and whitelisting solutions, so someone who has access to the code of this malware, I suppose, may reuse it for different purposes other than what it was used for before, such as downloading POS malware.”

Curated by Liquid Layer Networks
