Kasidet

Kasidet is a variant of point-of-sale (POS) malware that performs DDoS attacks, scrapes payment card details, and uses Namecoin's Dot-Bit service to hide its C&C servers.[1][2] It is also known as Trojan.MWZLesson or Neutrino and was found in September 2015 by cyber security experts.[3][4] It is a combination of BackDoor.Neutrino.50 and POS malware.[5]

Operation

The Kasidet POS worm reaches a system alongside other malware or is downloaded unknowingly when a user visits malicious websites.[6][7] It differs from other POS malware in that it scrapes data with advanced features.[8] First it scrapes the POS RAM and steals payment card details. The scraped information is then sent to the cyber criminal together with GET and POST requests intercepted from the browser.[9] Detecting the bot with security programs is difficult; sometimes it is detectable in email spam campaigns and exploit kits.[10] Cyber criminals have since enhanced Kasidet's scraping capability, and it now hides its C&C server in the Namecoin DNS service Dot-Bit.
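
A defender-side check for the Dot-Bit behaviour described above, as an added example that is not part of the original article: .bit names are not in the ICANN root zone, so lookups for them from a POS network stand out in resolver logs. The BIND 9 style log format, the sample lines, the placeholder domain and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 query-log style (assumption: your
# resolver logs in this shape; adjust QUERY_RE for other formats).
SAMPLE_LOG = """\
04-Aug-2016 10:01:02.123 client 10.20.0.15#51234 (updates.example.com): query: updates.example.com IN A + (10.20.0.2)
04-Aug-2016 10:01:05.456 client 10.20.0.31#49812 (placeholder-c2.bit): query: placeholder-c2.bit IN A + (10.20.0.2)
04-Aug-2016 10:01:09.789 client 10.20.0.31#49813 (Placeholder-C2.BIT.): query: Placeholder-C2.BIT. IN A + (10.20.0.2)
04-Aug-2016 10:02:00.000 client 10.20.0.44#50001 (bit.example.org): query: bit.example.org IN AAAA + (10.20.0.2)
04-Aug-2016 10:02:30.000 client 10.20.0.44#50002 (rabbit): query: rabbit IN A + (10.20.0.2)
this line is not a query record
"""

# Newer BIND versions insert "@0x<ptr>" after "client"; accept both shapes.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<name>\S+) IN (?P<rtype>\S+)"
)

def is_dot_bit(name):
    """True only when the top-level label is exactly 'bit'."""
    labels = name.rstrip(".").lower().split(".")
    # Avoid false positives such as 'rabbit' or 'bit.example.org'.
    return len(labels) >= 2 and labels[-1] == "bit"

def find_dot_bit_clients(log_text):
    """Map client IP -> sorted list of distinct .bit names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_dot_bit(m.group("name")):
            # Normalise case and trailing dot so repeats collapse to one name.
            hits[m.group("ip")].add(m.group("name").rstrip(".").lower())
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in find_dot_bit_clients(SAMPLE_LOG).items():
        print(f"{ip} queried Namecoin .bit names: {', '.join(names)}")
```
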

Incidents

References

  1. "What is Kasidet Malware?". Microsoft. Retrieved 2016-06-09.
  2. "Kasidet uses Namecoin's Dot-Bit service to hide C&C servers". 4 August 2016. Retrieved 2016-08-04.
  3. "Kasidet POS RAM Scraper Bot". Archived from the original on 2018-09-09. Retrieved 2016-08-23.
  4. "Major Botnet Malware". Retrieved 2015-12-03.
  5. "Backdoor Neutrino Malware". 2 February 2016. Retrieved 2016-02-02.
  6. "Kasidet Neutrino Malware Operation". Retrieved 2015-09-24.
  7. "Malicious Office Files Dropping Kasidet And Dridex". Retrieved 2016-01-29.
  8. "ATTACKERS DROPPING KASIDET BOT with Advanced Features". February 2016. Retrieved 2016-06-09.
  9. "C&C Servers Add Third 'C' With New Concealment Tools". Retrieved 2016-08-08.
  10. "Kasidet DDOSing Bot Adds Credit Card Scraping Capabilities". 25 September 2015. Retrieved 2015-09-25.
  11. "Vermont utility finds alleged Russian malware on computer". 31 December 2016. Retrieved 2017-01-01.
  12. "RUSSIANS PENETRATED BURLINGTON ELECTRIC DEPARTMENT COMPUTER". 30 December 2016. Retrieved 2016-12-30.
  13. "The Russians are Hacking Burlington_Electric_Department laptop". Archived from the original on 2017-01-06. Retrieved 2016-12-30.
  14. "MS Office files delivering malware". February 2016. Retrieved 2016-02-01.
