LockPoS, a point-of-sale malware program discovered in 2017 that steals payment card data from computers’ memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection. Hod Gabriel, malware analyst at Cyberbit, reported in a company blog post last week that LockPoS uses three main routines – all of which are exported from ntdll.dll, a core Windows dynamic link library file – to inject malicious code into a remote process.
Published by Retail Network Security Solutions