Skip to main content

BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

By

Security firm IntelCrawler has been analyzing the recent massive data breaches of Target and Neiman Marcus.  The company said that it has identified the creator of the malware used in these attacks.

According its report, Sergey Taraspov, a 17-year-old boy from Russia, with Online handle 'ree[4]', allegedly first created the sample of the BlackPos malware in March 2013.

Initially the malware is referred as "Kaptoxa"("potatoe" - in russian slang) which was later referred as "Dump memory grabber" in underground forums by the creator.  "BlackPOS" name came from the title used in C&C communications.

BlackPOS is a RAM scrapping malware totally written on VBScript which is designed to be installed on POS devices and steals all data from cards swiped through the infected system.

Based on its own sources, the organization determined that the first victim of the malware is Point of Sale(PoS) systems in Canada, US and Australia.

He has sold more than 40 builds of his creation to cyber criminals from Eastern Europe and other countries, for $2,000.

The hacker has created several hacking tools including a brute force attack and other malicious tools.  He has also made some money with the training for DDOS attacks and Social network accounts hacking.

However,  the organization said that the real cybercriminals behind the Target data breach were just customers of him.
More details about Sergey Taraspov (ree4):
E-mail 1: ree4@list.ru
E-mail 2: ree4@yandex.ru
ICQ: 565033
Skype: s.r.a.ree4

Labels:

Comments

Post a Comment

Popular posts from this blog

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

By
http://parse.com   directory traversal vulnerability Little Insight: http://parse.com  was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. or Run commend on That Well this is my 4th reward form facebook  Directory Traversal or RCE Vulnerability  That  give me 5th position in Facebook white-hat Page Report Date :23  July 2014 Reward For Directory Traversal or RCE Vulnerability :  20000$ How This work......? As we discussed earlier on my old post  Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection    it only rejects '/../' segments in the request path.   patch apply for Rack::Protection acording CVE-2014-0130  and  also Reject now '%5C' turns into '\' af...
Post a Comment
Read more

HC WeB : A Browser for HACKERS...

By
A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure.  Exploits an...
Post a Comment
Read more

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

By
Syrian Electronic Army yesterday posted a tweet saying that one of its friend with handle "Anti-NSA" hacker defaced the Angry website. At the time, we were not able to confirm the defacement.  No one was reported to have seen the hack.  Even the Zone-h mirror didn't confirm the defacement, displayed a message "The mirror is onhold and has not been verified yet". So, we didn't have strong proof to report the hack.  Today,  Rovio, creator of angry birds, confirmed that the defacement was there for few minutes and corrected immediately.  Now, the Zone-h record also confirmed it. Antti Tikkanen, Director of Security Response at F-Secure Labs, said in twitter that the attack is actually 'DNS Hijack attack'. He mentioned that the website itself not touched by the hacker; hacker managed to modify the DNS records. He also said that the angrybirds website pointed to some IP address(31.170.165.141) assoicated with Lithuania for at least one hour.  The same ...
Post a Comment
Read more