Kasidet POS RAM Scraper Malware

Kasidet POS Malware is a variant of Point of Sale (POS) malware that performs DDoS attacks using Namecoin's Dot-Bit service to scrape payment card details. It is also known as Trojan.MWZLesson or Neutrino and was found in September 2015 by cyber security experts. It is a combination of BackDoor.Neutrino.50 and the POS malware.

Operation
Kasidet POS Worm arrives on a system along with other malware or is downloaded unknowingly when a user visits malicious websites. This malware is different from other POS malware in that it scrapes data with advanced features. First it scrapes the POS RAM and steals payment card details. Then the scraped information is sent to the cyber criminal with intercepted GET and POST requests from the browser. It is very difficult to detect this bot with security programs; it is sometimes detectable in email spam campaigns and exploit kits. Cyber criminals have since enhanced Kasidet's scraping capability, and it now hides its C&C server in the Namecoin DNS service Dot-Bit.
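
Because .bit names are not part of the public DNS root, lookups for them stand out in DNS query logs and are a practical place to hunt for the C&C behaviour described above. The following is an added example, not part of the original article or of any vendor's tooling; the log format, the approved-resolver list and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not a product's native format):
#   <ISO timestamp> <client_ip> -> <resolver_ip> <qtype> <qname>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+->\s+(?P<resolver>\S+)"
    r"\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)

# Hypothetical list of resolvers that endpoints are permitted to use.
APPROVED_RESOLVERS = {"10.0.0.53"}

def is_dot_bit(qname):
    """True when the queried name sits under the .bit pseudo-TLD."""
    name = qname.rstrip(".").lower()
    return name.endswith(".bit") and len(name) > len(".bit")

def find_dot_bit_lookups(lines, approved=APPROVED_RESOLVERS):
    """Group .bit lookups by client and mark those sent past the approved resolvers."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not is_dot_bit(m["qname"]):
            continue  # skip malformed lines and ordinary names
        findings[m["client"]].append({
            "time": m["ts"],
            "qname": m["qname"].rstrip(".").lower(),
            "resolver": m["resolver"],
            # A .bit query sent straight to an outside resolver is the stronger signal.
            "bypassed_resolver": m["resolver"] not in approved,
        })
    return dict(findings)

# Constructed sample log lines (documentation-range addresses, made-up names).
SAMPLE_LOG = """\
2015-09-20T10:01:02Z 10.1.2.15 -> 10.0.0.53 A www.example.com
2015-09-20T10:01:07Z 10.1.2.15 -> 192.0.2.77 A pos-update.example-c2.bit.
2015-09-20T10:01:09Z 10.1.2.40 -> 10.0.0.53 A Example-C2.BIT
2015-09-20T10:02:11Z 10.1.2.40 -> 10.0.0.53 A bit.example.org
malformed line
""".splitlines()

if __name__ == "__main__":
    for client, hits in find_dot_bit_lookups(SAMPLE_LOG).items():
        for h in hits:
            via = "external" if h["bypassed_resolver"] else "approved"
            print(f"{client} {h['time']} {h['qname']} via {h['resolver']} ({via})")
```

On a POS network segment, any hit is worth triage; a hit with `bypassed_resolver` set also shows the host is not using the resolvers it was configured with.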

Incidents

 * The US Government blamed Russian hackers for malicious Kasidet POS malware found in Democratic National Committee computers and a Burlington Electric Company laptop. In the former case, the software was allegedly used to interfere in the 2016 election.
 * Zscaler has reported that MS Office documents distributed in phishing emails contain macros that install Kasidet POS malware on user machines. The malware is believed to originate in Russia.