ModPipe Malware Malware Indicators
Newly Discovered “JHook” Module Shows Real Time Card Data Harvesting Capabilities
Foregenix researchers have identified two previously undocumented modules in use by the ModPipe malware, first described by researchers at ESET in November 2020. The new modules demonstrate a capability to capture and exfiltrate Track 1 and Track 2 card data from the Micros RES 3700 Point of Sale (POS) system as well as others, casting a sinister new light on what had previously been thought to be only a moderately dangerous piece of malware.
In their November article, ESET noted that the motive of the attackers remained unclear, as the protections put in place by Micros mean it would be incredibly difficult to extract any valuable information, such as payment card details, from their system without significant effort. While this is true, the discovery of these new modules paints a much clearer picture of the attackers ‘business’ motives, level of sophistication and capability. The required effort that had been outlined would seem to have been applied.