The author of FastPOS PoS malware pleads guilty to Security

A 30-year-old Moldovan man pleaded responsible this week for creating the FastPOS malware that contaminated PoS methods worldwide.

The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded responsible on Friday for creating the notorious FastPOS Level-of-Sale (POS) malware.

Chiochiu was a member of the Infraud world cybercrime group concerned in stealing and promoting bank card and private id information.

In response to the DoJ, the actions of the ring tracked as ‘Infraud Group’, prompted $530 million in losses. The group is lively since 2010, when it created in Ukraine by Svyatoslav Bondarenko.

The platform provided a privileged aggregator for criminals (10,901 permitted “members” in early 2017) that allowed to purchase and promote cost card and private information.

The Infraud Group used quite a few web sites to commercialize the info, it applied a traditional and environment friendly e-commerce for the stolen card and private information, implementing additionally a score and suggestions system and an escrow” service for funds in digital currencies like Bitcoin.

The primary web site was against the law discussion board that was based in 2010, it first operated at and

Chiochiu bought the FastPOS malware on the discussion board, it first appeared within the risk panorama since 2016.

The malware was first noticed by specialists at Development Micro, it was dubbed FastPOS due to its means to shortly exfiltrate harvested information.

FastPOS PoS malware has a modular construction that features a reminiscence scraper part and a Key Logger.

The elements FastPOS’s new model is sporting are:

  • Serv32.exe – creates and screens a mailslot and sends its contents to the C&C server
  • Kl32.exe – keylogger part (32-bit)
  • Kl64.exe – keylogger part (64-bit)
  • Proc32.exe – RAM scraper (32-bit)
  • Proc64.exe – RAM scraper (64-bit)

When card information are captured on the contaminated system they don’t seem to be regionally saved, however they’re instantly transferred to command and management servers in clear textual content

The malware was utilized by risk actors to focus on each enterprises and SMBs in a number of nations the world over, together with the US, Brazil, France, Japan, Hong Kong  and Taiwan.

The FastPOS malware was often served by way of compromised web sites, by way of VNC entry utilizing stolen credentials or brute-force assaults, or by means of a file-sharing service.

In February 2018, the US authorities dismantled the Infraud Group and Chiochiu stopped his exercise. On the time, the Justice Division introduced indictments for 36 individuals charged with being a part of the crime ring.

On the finish of June, Sergey Medvedev (aka “Stells”), one of many two Infraud directors, pleaded responsible for his function within the crime group.

Chiochiu can be sentenced on December 11.

Pierluigi Paganini

(SecurityAffairs – hacking, FastPOS)



You May Also Like