Trend Micro researchers describe MajikPOS as malware that is similar in purpose to other recent POS data stealing tools, such as FastPOS and ModPOS, but different from them in the manner in which it deploys. Many MajikPOS infections have involved the use of a remote access Trojan (RAT) that appears to have been installed on the systems sometime between August and November last year. The RATs are designed to determine if the systems on which they have been installed are worthy of further exploitation.
If the endpoint appears promising, the operators of MajikPOS malware then use a combination of methods including VNC, Remote Desktop Connection, and command-line FTP to install the POS malware.
Another interesting aspect of MajikPOS is that it is coded in .NET, which is a somewhat rare choice of programming framework for malware authors.
Once installed on a system, MajikPOS inventories it thoroughly for payment card numbers, including looking for them in memory, and then exfiltrates the data to its command-and-control server.
For More Information, call us on 1866-446-2954 and we’ll be happy to assist you.