
RawPOS Malware


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

A new variant of RawPOS has been discovered. RawPOS was first discovered in 2008 and is a highly configurable, multi-stage memory scraper. The new variant's modification makes the malware undetectable.

Affected platforms

The following platforms are known to be affected:

Threat details

RawPOS has a configurable modular design which ensures a high success rate for attackers. The malware is also recognised for its support for multiple point-of-sale (PoS) software products, allowing it to attack up to 79 different PoS software products.

This new variant of RawPOS remained undetected because code was missing from it, allowing it to bypass the most common signatures for PoS malware. Removing certain lines of code does eliminate certain functions, but the malware still performs the way it was designed to.

As a result, keeping antivirus solutions up to date is important so that threats like this are caught or manually blocked via proactive processes.


Remediation steps

  • Keep anti-virus protection up to date.
  • Ensure all security updates are downloaded and installed.

Last edited: 17 February 2020 11:37 am