Benjamin Hosack

In the UK we don’t often come across brand new POS malware, presumably as we are in a Chip & PIN market, so the “return” for attackers on deploying such technology is limited. Last week though, we did come across what appears to be a new sample that we’re calling TinyPOS.

Subscribe to our Blog

While the sample is a typical memory scraper, it appears to be “hand rolled” assembly language and comes in at only 5120 bytes. The malware contains an old school exclusion list that performs extremely rapid double word comparisons rather than the slower but far more common string comparisons to identify which process to ignore, and internally validates the identified account data through an implementation of the Luhn algorithm.

The malware exfiltrates the collected account data directly to an external Command and Control (C2) Server in Eastern Europe, but unusually the communications utilise “raw” TCP sockets rather than the HTTP protocol that has become the norm in POS malware. The data is encoded prior to transmission using a dword XOR routine, so IDS technology is unlikely to see raw Track data flying around a compromised network.

We’ve seen two variants at this point in time, although they're almost identical, and we will provide additional information over the next few days. Hash values for the samples seen are below.


md5 deb132c28f43fd86508f5ef363a28a73

sha1 a0bb561c1c76e23be99db00089c1350d230238ac

md5 039bd8cc80126ad2b21b45364d47220e

sha1 4920fe1afe5f1fa5ec39499aff807d8c2ca657a7

Is your business under attack?

If you suspect your business may be under attack, we may be able to help.  Click on the link below to find out about our Digital Forensics & Incident Response Team - we support clients locally and globally. 


Find out more Digital Forensics & Incident Response

Contact Us

Access cybersecurity advisory services


Benjamin Hosack
Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).

See All Articles

Subscribe to our blog

Security never stops. Get the most up-to-date information by subscribing to the Foregenix blog.