New point-of-sale malware Multigrain steals card data over DNS

Security researchers have found a new memory-scraping malware program that steals payment card data from point-of-sale (PoS) terminals and sends it back to attackers using the Domain Name System (DNS).

Dubbed Multigrain, the threat is part of a family of malware programs known as NewPosThings, with which it shares some code. However, this variant was designed to target specific environments.

That’s because unlike other PoS malware programs that look for card data in the memory of many processes, Multigrain targets a single process called multi.exe that’s associated with a popular back-end card authorization and PoS server. If this process is not running on the compromised machine, the infection routine exists and the malware deletes itself.

To read this article in full or to leave a comment, please click here