Learn More about GamaPOS in the Andromeda Botnet
GamaPOS is a newer breed of POS threat that is sweeping the US and Canada through the use of the Andromeda botnet. It is the latest in a long list of scraper threats that can steal credit card information from point-of-sale systems. It uses the .NET framework, which is a first for POS threats.
At Comodo, we understand your worries when it comes to any new malware program. It can help to understand it more, but the best thing to do is prevent it from getting on your computer, or remove it if it is already there.
How It Works
The GamaPOS in Andromeda Botnet works by:
- Evaluating a list of URLs
- Seeing which URL has a command-and-control (C&C) server or control panel
- All communication is through HTTPS, so once it finds a good panel, it starts execution
- It only needs one panel to start and works the list from top to bottom until it finds one
- It doesn’t exempt any processes: it goes through them all and dumps any Track 2 data it finds
- It takes those unique card number values and stores them in a text file in the same folder
- It uploads the collected data via the server that was chosen earlier
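Because the collected card values are written to a text file on disk, a defender can hunt for that artifact on a POS terminal. The sketch below is an added example, not code from this page or from Comodo: it assumes the standard ISO/IEC 7813 Track 2 layout, and the function names and sample data are made up for illustration.

```python
import re
from pathlib import Path

# ISO/IEC 7813 Track 2: optional ';' start sentinel, 13-19 digit PAN, '=',
# YYMM expiry, 3-digit service code, discretionary digits, optional '?'.
TRACK2 = re.compile(r";?(\d{13,19})=(\d{2})(\d{2})(\d{3})\d*\??")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first 6 / last 4 so a finding can be reported without the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track2(text: str) -> list[str]:
    """Return masked PANs for every plausible Track 2 record in text."""
    hits = []
    for m in TRACK2.finditer(text):
        pan, month = m.group(1), int(m.group(3))
        if 1 <= month <= 12 and luhn_ok(pan):
            hits.append(mask(pan))
    return hits

def scan_folder(folder: str, max_bytes: int = 5_000_000) -> dict[str, list[str]]:
    """Scan small files under folder; returns {path: [masked PANs]}."""
    findings = {}
    for p in Path(folder).rglob("*"):
        try:
            if p.is_file() and p.stat().st_size <= max_bytes:
                hits = find_track2(p.read_text(errors="ignore"))
                if hits:
                    findings[str(p)] = hits
        except OSError:
            continue            # locked or unreadable file: skip it
    return findings

# Constructed sample: a public test card number in a Track 2 record, a digit
# run that fails Luhn, and a record with an impossible expiry month.
SAMPLE = (";4111111111111111=25121010000000000?\n"
          "4111111111111112=25121010000\n"
          "4111111111111111=25131010000\n")

if __name__ == "__main__":
    print(find_track2(SAMPLE))
```

Any hit outside the payment application's own documented storage is worth investigating, since Track 2 data should not be sitting in plain text files on a terminal.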
What You Can Do
POS security is a necessity for all businesses. If you are worried about GamaPOS and other similar malware scraping tools, you should consider using an efficient filter that removes spam emails. You can also scan attachments for viruses. You should also keep up with patching to fix known vulnerabilities.
Our product can handle all of that, and so much more, as it is considered a full security suite of products. If you would like more information, please contact us today.