LockPOS is point-of-sale malware used to exfiltrate payment card data from the memory of targeted point-of-sale (POS) systems. The most recent version of LockPOS examined here changed its injection technique to drop the malware directly to the kernel to evade detection and bypass traditional antivirus hooks. In addition to the new injection technique, this variant also communicates with a command-and-control (C2) server that hasn’t been seen before.
This is a Security Bloggers Network syndicated blog post authored by Cylance Blog. Read the original post at: Cylance Blog