PoSeidon (malware)

PoSeidon is a name for a family of malicious computer programs targeting computerized Point-of-Sale systems.

History
Cisco's "Talos" computer security research laboratory discovered and introduced the family of malware and their nickname "PoSeidon" on their security blog on 20 March 2015.

Operation
The malware attempts to steal both keystrokes and credit card numbers stored in system memory, by scanning RAM for Discover, Visa, MasterCard and AMEX issued credit cards. The credit card data is then encrypted and sent (exfiltrated) to a number of predefined Russian servers.

If the commercial remote administration software LogMeIn is installed, the LogMeIn settings are modified, forcing the next remote user to enter a username and password. This allows the username and password to be read into the keylogger and exfiltrated.