RawPOS is a type of malware that was first identified in 2008 and is part of a family of point-of-sale (POS) malware designed to steal credit card data from retail businesses. Once installed on infected systems, RawPOS can collect payment card information by scraping memory and intercepting network traffic.
In 2016, Kroll's Cyber experts conducted an investigation into a collection of malware related to the RawPOS family. They identified multiple tools that attackers had used to expand their foothold within enterprise environments, target specific machines, collect additional information about the compromised environment, and prepare data for exfiltration. The attackers' objective was to steal payment card data and sell it on underground marketplaces.
To protect against RawPOS, businesses should keep their software up to date and apply security patches regularly, implement strong password policies, and use multi-factor authentication. Additionally, businesses should train employees to identify and report suspicious activity, such as unauthorized access attempts or unexpected system behavior. By taking these precautions, businesses can reduce the risk of falling victim to RawPOS and other types of malware.
Description last updated: 2023-06-23T19:20:21.357Z