Overview – New RawPOS Malware Uncovered

It seems that the more things change, the more they stay the same. RawPOS malware has been around since 2008 and is one of the earliest pieces of malware designed for credit and debit card theft. The point-of-sale (POS) malware has been used for years by cybercriminals to target the customers of resorts, hotels, and casinos in North America and other parts of the world. But the old threat has recently resurfaced under a different guise: the Cylance Professional Services team recently uncovered new variants.

RawPOS is a highly configurable, multi-stage memory scraper that has evolved over the past few years. Its modular design has enabled attackers to adapt the threat to a targeted environment. Moreover, traditional antivirus (AV) signatures don't protect against it; RawPOS highlights how easily signature-based AV products can be bypassed. Why? When malware is updated, small changes are typically made to the code base to enable new functionality, and those changes are often enough to break the existing signatures written for the earlier version.

Impact – How to Secure POS Systems from RawPOS

Today, POS systems are still a high-value target for cybercriminals and criminal groups. There have been many cases, some high profile, in which this kind of memory scraping malware was used to steal card data. Our Threat Guidance team's analysis shows how little effort needs to be invested to bypass signature-based technologies. It is concerning that new malware variants with roughly the same functional capabilities as the 'old' malware can adopt minor tweaks to evade legacy AV vendors.

Prevention – CylancePROTECT® Prevents RawPOS

Cylance provides memory protection capabilities that prevent the exploitation of many of the most common classes of vulnerabilities. Cylance customers deploy CylancePROTECT to prevent malware execution and data exfiltration, and it will help prevent the memory scraping components of this threat. In addition, our endpoint protection product strengthens the OS's basic protection features, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), and complements the Enhanced Mitigation Experience Toolkit (EMET). Powered by machine learning and artificial intelligence, our product stops threats pre-execution, before they can cause damage.

Convinced that the next generation of endpoint security is right for your organization? Contact a Cylance expert to get started!