<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><div><img src="http://info.threatstop.com/hubfs/POS%20Device.jpg" alt="POS Device.jpg"></div> <p>Kasidet (also known as Neutrino Bot) is malware that targets Point of Sale (POS) devices. It scrapes memory to steal credit card information and hooks browsers to steal sensitive data from web browsers on infected devices.</p> <p>The malware also has the <a href="https://threatpost.com/attackers-dropping-kasidet-bot-via-office-macros/116090/">ability</a> to participate in DDoS attacks, execute commands, log keystrokes, and propagate itself through network folders and removable devices.</p> <p>In a recent attack, Kasidet was delivered through a <a href="http://gwillem.gitlab.io/2017/04/21/fake-magento-patch-9789-is-virus/">fake patch</a> for the Magento POS system that claimed, ironically, to fix security vulnerabilities. It has also been seen spreading through spear-phishing emails that contain documents with malicious embedded macros.</p> <p>Enabling the TSCritical targets in your user policy will add protection against Kasidet to your ThreatSTOP DNS and IP Firewall Services. If you do not have a ThreatSTOP account &nbsp;to try a demo.</p> <p>If you do have a ThreatSTOP account, instructions for adding targets to <a href="http://dochub.threatstop.com/display/TS/ThreatSTOP+DNS+Firewall#ThreatSTOPDNSFirewall-DNSFWPolicy">DNS</a> or <a href="http://dochub.threatstop.com/display/TS/ThreatSTOP+IP+Firewall">IP</a> Firewall policies are available on the ThreatSTOP Documentation Hub, or you can contact our <a href="mailto:support@threatstop.com">Support</a> team.</p></span>