POSCloud Malware Shows Its Ugly Face

IntelCrawler is a self-described Cyber Threat Intelligence Company that monitors the internet for the most severe threats to consumers and businesses. On Wednesday, IntelCrawler reported that a new attack on cloud-based point of sale systems had been launched, and the firm says that it targets “grocery stores, retailers and other small businesses using web browsers like Internet Explorer, Safari, and/or Google Chrome.”

The blog post goes on to say that the cloud malware is written to focus on “Front office systems support integration options with credit card readers, barcode scanners, cash drawers, and receipt printers. Back office utilizes Cloud-based POS services; merchants are able to store data and reporting available in public infrastructure and accessible remotely as well as through mobile devices (e.g., Android, iOS, etc.).”

What does the Malware do?

IntelCrawler says, “Compromised cloud-based POS service providers allow alterations to gift card information, even the ability to create gift cards for themselves and discount vouchers for any customer. In addition, bad actors have the ability to gain access to employee management subsystems, which could be also used for internal fraud.”

The new CloudPOS malware is known as “POSCLOUD.Backdoor/Agent.” As cloud POS systems become more popular due to their lower costs, hackers have begun eying these systems. Some analysts have described CloudPOS as “low hanging fruit” in the war to obtain information and sell it on the black market. POS systems can be infected by hackers who have gained unauthorized entry into a secure network. Another possible scenario is that an employee infected the network, either with or without nefarious intentions. Regardless of where the infection began, Cloud POS malware is on the rise. In this specific case, IntelCrawler published a 3-page PDF report on the newly discovered Cloud POS vulnerabilities, listing the two vulnerabilities that this malware attacks as CVE-2014-0322 and CVE-2014-0502.