Lastline Labs

Subrat Sarkar

Subrat Sarkar is a Malware Reverse Engineer at Lastline with 7+ years of experience in the computer security domain. Previously, he worked at QuickHeal, Symantec, McAfee and AttivoNetwork as a Security Researcher and Software Developer. He has a keen interest in malware reversing, Windows internals, Windows kernel drivers and writing code.

Recent Posts

ModPOS: A Framework Lurking in Point-of-Sale System Kernels

Posted by Subrat Sarkar on 4/7/16 5:00 AM

Authored by: Subrat Sarkar, Arunpreet Singh, and Clemens Kolbitsch

Diving deeply into the ModPOS malware framework using sandbox process snapshotting

Point-of-sale (POS) systems are among the most valuable targets for attackers today: with direct access to the systems that process payment information, miscreants are able to circumvent any encryption between point-of-sale devices and the payment processor, allowing them to spy on, or even tamper with, sensitive payment information.

With ModPOS, malware authors have developed a system that not only compromises payment processes at the originating device, but does so from the kernel of these systems, well outside the reach of most security solutions.

As we will describe in this post, the ModPOS malware is much more than a system for compromising POS systems: it is a versatile framework that allows an attacker to leverage a practically unlimited range of tools to interfere with a compromised system. Moreover, this malware works on any 32-bit Microsoft Windows system (many POS systems on the market today still run Microsoft Windows XP), so it can be used against far more than just POS systems.
