Once again ESET, the European cyber security company, warns about viruses that provide information. This malware in particular facilitates access to confidential information in hotels, bars and restaurants. The ModPipe malware, discovered by ESET, is a modular backdoor that attacks confidential information systems. Specifically, it allows access to information stored in POS ORACLE MICROS Restaurant Enterprise Series (RES) 3700. This is a software used by thousands of hotel companies, restaurant services, bars and related companies around the world.

This is a software used by thousands of hotel companies, restaurant services, bars and related companies around the world

It is important to mention that backdoors are malware that allow malicious users to access infected computers. As their name suggests, they open “backdoors” in computers through which remote users can control the computer. In this way they can access information, modify files and execute actions on the computer. This type of Trojan cannot spread or install itself, but requires manual installation. However, their attacks are potentially serious.

How does ModPipe work?

This Backdoor stands out for its downloadable modules. One of them, called GetMicInfo, has an algorithm that collects passwords from databases. In this way, ModPipe operators access the database. Specifically from the credentials obtained. This way they obtain information about POS transactions, configuration and definitions. According to this, the data obtained by the attackers should not be card numbers or expiration dates. They only obtain the clearly stored data: names of the card holders. However, this may be a sign that there is another module that allows decryption of more sensitive data such as passwords or card numbers.

General description of the ModPipe backdoor architecture from ESET website

In view of this discovery, ESET recommends to companies using POS to download the latest version of the program. Likewise, the unique use of devices with updated operating systems. In addition, to implement other virtual protection strategies, such as multi-layer security solutions that allow the detection of this and other malware




Leave a Comment

Your email address will not be published. Required fields are marked *