Novel malware dubbed ModPipe identified; targets Oracle PoS systems

Samuel Walker - Technology Rule Researcher
Last updated: January 15, 2024
ModPipe malware
  • ESET researchers discovered a new malware, ModPipe, a modular backdoor aimed at gaining sensitive information.
  • Thousands of hospitals’ and hotels’ PoS system databases are at risk of decryption.
  • The malware attacks Oracle MICROS Hospitality RES 3700 PoS systems using a modular design.

ESET researchers have warned of a novel malware that works as a modular backdoor. It gives intruders access to the sensitive information held by Point-of-Sale (PoS) systems. The malicious software is dubbed ModPipe.

Cybersecurity researchers have primarily warned the hotel and hospital sectors to be wary of ModPipe.

The report claims the backdoor “ModPipe” targets Oracle MICROS Restaurant Enterprise Series (RES) 3700 PoS systems.

RES 3700 is a popular hotel and hospital management system used in the United States. It helps with PoS, inventory, and labor management.

Basic components of ModPipe

The ESET research team identified the existence of these backdoor modules and discovered the malware’s ‘basic units.’ The necessary components operate in sequence:

  • The initial dropper consists of two binaries, one 32-bit and one 64-bit.
  • Then comes the persistent loader, which loads the main module that performs the core function.
  • The networking module handles communication with the C&C server.
  • Finally, downloadable modules add specific functionality to the backdoor, such as stealing database passwords.

What makes this malware dangerous?

ModPipe PoS backdoor malware architecture illustration by ESET.

The researchers were able to monitor numerous downloadable modules. GetMicInfo, the most threatening module, steals database passwords, settings, and other crucial details. Its algorithm decrypts these details from Windows registry values.

The downloadable modules seen in the wild contain custom algorithms and can be adjusted accordingly. They slide into the PoS database system and leak the information. That is what makes ModPipe a dangerous malware.

When ModPipe breaches the database, it can access status tables, system configuration, and PoS transaction history.

Certain modules have not been traced yet. Thus far, the researchers have discovered GetMicInfo, ModScan, and ProcList, while the remaining four are still to be identified.

ESET’s researchers believe that ModPipe, in its basic state, is not strong enough to access credit card numbers or expiry dates. Despite all this danger, the RES 3700 system’s encryption standards are sufficient to keep the card information hidden.

The researchers noted,

“The objective of the attacker remains unclear.”

The most important information on the PoS system is the card information, and to steal it, the attacker needs a site-specific passphrase.

This process would need to be executed in a module to access such sensitive information. It would then face the Windows Data Protection API (DPAPI), which is implemented automatically on the targeted system.
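To show what the DPAPI hurdle mentioned above actually means, here is a short added PowerShell example (written for this page, not code from the article, ESET, or Oracle). It protects a constructed sample secret with DPAPI under the current user and then unprotects it, which only succeeds in the same user context and with the same optional entropy; the secret value and the entropy string are constructed for the demonstration, and the example assumes it is run on a Windows host.

```powershell
# Added example, not from the original article: what DPAPI protection looks like on a Windows host.
# A blob protected with CurrentUser scope can only be unprotected by the same user on the same
# machine; reading the blob from disk or the registry alone yields ciphertext, not the secret.
Add-Type -AssemblyName System.Security

$secret  = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-passphrase')  # constructed value
$entropy = [System.Text.Encoding]::UTF8.GetBytes('constructed-extra-entropy')      # constructed, optional

# Protect the secret under the current user's DPAPI master key
$blob = [System.Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)

# This blob is all that someone who merely reads stored values would obtain
Write-Host ("Protected blob ({0} bytes): {1}" -f $blob.Length, [Convert]::ToBase64String($blob))

# Unprotect succeeds only in the same user context and with the same entropy
$plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
    $blob, $entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
Write-Host ("Recovered: {0}" -f [System.Text.Encoding]::UTF8.GetString($plain))

# Using the wrong entropy fails: DPAPI raises a CryptographicException
try {
    [void][System.Security.Cryptography.ProtectedData]::Unprotect(
        $blob,
        [System.Text.Encoding]::UTF8.GetBytes('wrong-entropy'),
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
} catch [System.Security.Cryptography.CryptographicException] {
    Write-Host "Unprotect with wrong entropy failed as expected: $($_.Exception.Message)"
}
```

The point for defenders is that DPAPI ties the plaintext to the user or machine context, so a module that can only read stored values still needs to run as that user (or machine) to recover them; that is the extra barrier the researchers refer to.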

This is not the first time the hotel sector has been targeted with PoS malware. In June 2016, a swathe of US hotels fell prey to PoS malware that reportedly exposed customers’ financial data. The data breach divulged data from tens of thousands of drink, food, and other transactions.


About the Author

Samuel Walker


Technology Rule Researcher

Sam Walker is a tech-focused writer who has traveled the world but currently lives in Australia. He has a keen interest in digital privacy and security. Sam loves testing fresh tech and researching the latest security trends to keep others informed (and ultimately secure) online.
