POS Device.jpg

Kasidet (also known as Neutrino Bot) is a malware targeting Point of Sale (POS) devices that performs memory scraping to steal credit card information and browser hooking to steal sensitive data from web browsers on infected devices.

The malware also has the ability to participate in DDoS attacks, execute commands, log keystrokes, and propagate itself through network folders and removable devices.

In a recent attack, Kasidet was sent through a fake patch to the Magento POS system that claimed, ironically, to fix security vulnerabilities. It has also been seen spreading through spearphishing emails that contain documents with malicious embedded macros.

Enabling the TSCritical targets in your user policy will add protection against Kasidet to your ThreatSTOP DNS and IP Firewall Services. If you do not have a ThreatSTOP account Sign up to try a demo.

If you do have a ThreatSTOP account, instructions to add targets to DNS or IP Firewall policies are available on the ThreatSTOP Documentation Hub. Or contact our Support team.