Newest malware ‘Treasurehunt’ stealing payment card data of Americans

Black hat hackers have developed new malware, ‘Treasurehunt’, which enumerates the running processes and then extracts payment card data from memory. After extracting the payment card data, Treasurehunt forwards it to a command and control (CnC) server. Once a victim's data is stolen, the hackers sell the extracted details on black markets.

There have been many pieces of malware similar to Treasurehunt, which black hat hackers label as point-of-sale (POS) malware in their underground forums. Last year security researchers found more than a dozen pieces of POS malware.

Target was one of the many big corporations hit by these black hat hackers last year, which forced the retail giant to upgrade its systems. But not every business can afford the new certified systems because of their sky-high cost, and that has given hackers a big opportunity. That is why small businesses have now become the primary target of these criminals.

FireEye, a cyber security firm, was the first to discover this newest malware, which is targeting thousands of U.S. citizens all over the country. Nart Villeneuve, a security researcher, said in a FireEye blog post, “Criminals appear to be racing to infect POS systems in the United States before U.S. retailers complete this transition.”

He further wrote that “In a typical scenario, Treasurehunt would be implanted on a POS system through the use of previously stolen credentials or through brute forcing common passwords that allow access to poorly secured POS systems.” 


POS malware, including Treasurehunt, is easily available on the dark web to anyone willing to pay the right price. Tools available for free on the dark web are often not as effective as the purchased ones. These free tools are mostly outdated, or their source code may have been disclosed, which makes them easier for security software to detect. On average, 60 million shoppers in the U.S. and Canada have been affected by payment system hacks in the past two years.



Ehacking Staff