Floki Bot, a POS malware and banking Trojan based on Zeus, is evolving fast in the cybercrime underground, according to recent reports.
POS malware is something of a trend these days. Hackers are targeting enterprises with POS malware, and enterprises in turn are giving top priority to Point of Sale security. According to reports, Floki Bot, which was developed from the Zeus code that was leaked five years ago, in 2011, has recently gone on sale on various darknet markets. It is reportedly offered for $1,000 worth of bitcoins. What excites hackers is that Floki Bot claims to have several new capabilities compared to the Zeus Trojan, some of which (for example, anti-detection features) are really attractive to cybercriminals.
Floki Bot reportedly has a Brazilian origin. According to reports, the threat actor behind this new malware currently uses the ‘flokibot’ moniker and communicates in Portuguese. The POS malware targets IP addresses in Brazil, and the targeted systems have their default language set to Portuguese and their default timezone set to Brazil UTC -03:00. These factors indicate that the threat actor may be of Brazilian origin. It’s reported that many Point of Sale security breaches are being executed with the Floki Bot malware, targeting U.S., Canadian and Brazilian banks, and insurance firms.
Floki Bot makes its way into systems and networks mostly through spear phishing attacks, one of the most common strategies used by cybercriminals to cause POS security breaches. Victims are lured into opening phishing mails and enabling the malicious macros in the Microsoft Word documents that are sent as attachments with them. Once these macros are enabled, they execute the POS malware, which seeks to inject its malicious code into either ‘explorer.exe’ or ‘svchost.exe’.
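For defenders, the chain described above (Word macro, dropped executable, injection into ‘explorer.exe’ or ‘svchost.exe’) can be correlated in endpoint telemetry. The following is an added example, not taken from the reports or from any vendor's detection: the events are constructed and only modelled on Sysmon event IDs 1 (process creation) and 8 (remote thread creation), and the field names, paths, PIDs and `sample.exe` are assumptions.

```python
import ntpath

OFFICE = {"winword.exe"}                    # macro host named in the article
TARGETS = {"explorer.exe", "svchost.exe"}   # injection targets named in the article

# Constructed events, reduced to the fields used here (1 = process create,
# 8 = remote thread creation). Paths, PIDs and sample.exe are made up.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"id": 1, "pid": 5288, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "pid": 5400, "ppid": 5288,
     "image": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    {"id": 8, "src_pid": 5400, "target_image": r"C:\Windows\explorer.exe"},
    {"id": 8, "src_pid": 600, "target_image": r"C:\Windows\System32\svchost.exe"},
    {"id": 8, "src_pid": 5400, "target_image": r"C:\Windows\System32\notepad.exe"},
]


def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def find_macro_injection(events):
    """Alert when a process descended from Word creates a remote thread
    in explorer.exe or svchost.exe. Events must be in time order."""
    lineage = {}  # pid -> image names from Word down to that process
    alerts = []
    for ev in events:
        if ev["id"] == 1:
            name = base(ev["image"])
            if name in OFFICE:
                lineage[ev["pid"]] = [name]
            elif ev["ppid"] in lineage:
                lineage[ev["pid"]] = lineage[ev["ppid"]] + [name]
            else:
                lineage.pop(ev["pid"], None)  # PID reused by an unrelated process
        elif ev["id"] == 8:
            chain = lineage.get(ev["src_pid"])
            target = base(ev["target_image"])
            if chain and target in TARGETS:
                alerts.append({"chain": chain, "target": target})
    return alerts


if __name__ == "__main__":
    for alert in find_macro_injection(SAMPLE_EVENTS):
        print(" -> ".join(alert["chain"]), "injects into", alert["target"])
```

Only the first remote-thread event is reported: the second comes from a process with no Word ancestry, and the third targets a process other than the two the article names.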
Like any other POS malware attack, the security breaches caused by Floki Bot would lead to the theft of customers’ sensitive personal data, especially credit card information. Since it’s now Christmas time, cybercriminals would no doubt think of using Floki Bot to get away with as much credit card data as possible.