Researchers ID New Variant of Alina PoS Malware

  • 18 December 2014

By Brian Prince on December 18, 2014

Researchers at Trustwave have uncovered a new variant of the Alina point-of-sale (PoS) malware.
 
Dubbed Spark, the malware differentiates itself from other versions of Alina in a number of ways, including its use of AutoIt as a loader. AutoIt is a BASIC-like scripting language designed for automating the Windows GUI and general scripting.
 
"Typically compiled scripts are very simplistic," said Eric Merritt, Security Researcher at Trustwave. "This is a much more advanced use of the technique. Due in part to the ease of use of AutoIt, attackers can trivially alter the malware's file signature to avoid AV detection."
 
According to Trustwave, the AutoIt script contains functions to allocate space in memory, map a binary into that memory, fix the relocations and Import Address Table and execute the binary. 
 
Full Article
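
Because the file signature is easy to change, the loader behaviour Trustwave lists (allocate, map, fix relocations and imports, execute) is a steadier thing to triage on. The sketch below is an added example, not Trustwave's tooling or code from the article: it assumes the AutoIt script text has already been extracted from the compiled executable, and the indicator names and both sample scripts are constructed for illustration.

```python
import re

# Indicator names per loader stage. Assumed for illustration: real AutoIt
# built-ins and Win32 API names that such a stage typically needs, not
# strings taken from the Spark sample. Relocation fixing is plain arithmetic,
# so import (IAT) resolution is the observable part of that stage.
STAGES = {
    "allocate": ["VirtualAlloc", "GlobalAlloc"],
    "map_binary": ["DllStructCreate", "DllStructSetData", "RtlMoveMemory"],
    "fix_imports": ["LoadLibrary", "GetProcAddress", "GetModuleHandle"],
    "execute": ["DllCallAddress", "CallWindowProc", "CreateThread"],
}

def loader_stages(script):
    """Map each stage to the indicator names present in the script text."""
    found = {}
    for stage, names in STAGES.items():
        # [AW]? also accepts the ANSI/Unicode API suffixes (LoadLibraryA, ...).
        hits = [n for n in names
                if re.search(r"\b%s[AW]?\b" % re.escape(n), script, re.I)]
        if hits:
            found[stage] = hits
    return found

def triage(script):
    """Flag only scripts that show all four stages; one alone is common."""
    stages = loader_stages(script)
    if len(stages) == len(STAGES):
        return "review: in-memory loader pattern"
    return "no loader pattern (%d of %d stages)" % (len(stages), len(STAGES))

# Constructed samples (arguments elided, not runnable AutoIt).
SUSPECT = '''
$mem = DllCall("kernel32.dll", "ptr", "VirtualAlloc", ...)
$buf = DllStructCreate("byte[" & $size & "]", $mem[0])
DllStructSetData($buf, 1, $image)
$fn = DllCall("kernel32.dll", "ptr", "GetProcAddress", ...)
DllCallAddress("none", $entry)
'''
BENIGN = '''
$rect = DllStructCreate("int;int;int;int")
DllCall("user32.dll", "bool", "GetWindowRect", "hwnd", $h, "ptr", DllStructGetPtr($rect))
MsgBox(0, "Width", DllStructGetData($rect, 3) - DllStructGetData($rect, 1))
'''

if __name__ == "__main__":
    for name, text in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, "->", triage(text), loader_stages(text))
```

The benign sample uses `DllStructCreate` like many ordinary automation scripts, which is why the check requires every stage together before flagging a script for review.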
