The message contains an image of a spinner one expects to see when content is loading. A message asks the recipient to enable content by clicking on it. Once a user clicks, the malicious macro is delivered.
Various command-and-control (C&C) servers are then contacted, and these deliver a new, more evolved variant of AbaddonPOS that is capable of testing various blacklist/whitelist implementations and of changing the methods by which stolen credit card data is illegally transferred.
Researchers say the malware is still under active development and they expect further email campaigns targeting POS systems to steal credit card data, despite improvements in PCI DSS compliance requirements.
The researchers also report that cybercriminals are intensifying their efforts to exploit the US rollout of chip-and-PIN cards, deploying malware as a vital tool for stealing credit card data and for ill-gotten gain.