DooKey
Thanks to the author of TreasureHunter PoS malware, the source code for this is now available in the wild. This malware was previously used by a Russian-speaking group named Bearsinc to steal CC data. Now that the source is available to all, we can probably expect many groups to modify the code and cause even more financial damage to companies and individuals who use credit cards. Thanks a lot, anonymous dude, for putting this out there. However, there is one bright side to it, and that's the fact that white hats can now analyze the code and develop better defenses against this kind of malware.
What is not clear at the moment is why exactly the Russian-speaking author of the malware decided to leak its source code publicly. "We hypothesize it is likely they did this in [an] attempt to distance themselves from being unique malware code owners," says Kremez. Often, threat actors resort to the tactic to frustrate efforts by law enforcement investigators and security researchers to attribute attacks and malware to specific threat actors and groups.