Categories: NewsSecurity

Thousands of Amazon AWS Instances Host C&C Servers for POS Malware

Malware has turned into a booming industry for cybercriminals over the past few years. In fact, there are so many types of malware in circulation that no hardware or software is safe from harm right now. Point-of-sale (POS) terminals are of particular interest to criminals, although a lot of these efforts are not overly successful. New research by the Kromtech Security Center shows how ElasticSearch servers are some of the main culprits when it comes to hosting PoS malware.

Point-of-sale Malware is a big Problem

Anyone who owns or works at a physical store will have come in contact with point-of-sale devices. These terminals allow retailers to accept different payment methods including debit, credit, and bank cards. A

point-of-sale terminal is greatly valuable to any business owner. After all, one can barely afford to run a business without accepting card payments with a PoS terminal these days.

Unfortunately – though perhaps not unexpectedly – these machines have become targets for cybercriminals. Rather than physically modifying a point-of-sale terminal, criminals are now using different types of malware to remotely control information processed by the device. In most cases, such malware is used to collect payment card information, which is then used for nefarious purposes or sold to other criminals on the darknet.

There are currently two PoS malware strains that are particularly concerning.

Related Post
AlinaPOS and JackPOS are two very serious threats to anyone who owns a point-of-sale terminal. As most of these devices are connected to the Internet in one way or another, they are effectively prone to infection by these malware strains. Both of these strains have seen a major increase in their distribution of late, which is rather troublesome.

It turns out one of the distribution methods for both AlinaPOS and JackPOS comes in the form of ElasticSearch servers. Over 15,000 of these servers are accessible through the Internet without requiring any form of authentication whatsoever. Over 4,000 unsecured servers are used to host files related to AlinaPOS and JackPOS’s command & control infrastructure. That is a big problem which should be addressed sooner rather than later.

This information hints at how ElasticSearch servers are often used to host POS malware command & control servers. What is more, 99% of all POS malware-infected servers are hosted on Amazon’s AWS service. That is not surprising by any means, as AWS allows users to get a free instance with up to 10gb of disk space. The t2 micro EC2 instance can only be set up with ElasticSearch versions 1.5.2 and 2.3.2. It makes perfect sense for criminals to use these free tools to host POS malware C&C infrastructure.

Thankfully, Amazon and other affected companies have been notified about this problem. So far, no one has issued a response or attempted to address this problem in the first place, which is not a good sign. While POS malware is often considered a niche threat, one has to wonder why there are over 4,000 command & control servers in existence today. Both AlinaPOS and JackPOS have caused a lot of damage over the past few years and they are still actively used to this day. Perhaps this is not such a niche market as originally assumed.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Crypto Insiders Are Bullish on XRP, Solana, and JetBolt: Here’s Why

The buzz surrounding XRP, Solana (SOL), and JetBolt (JBOLT) continues to captivate the crypto community.…

16 mins ago

BDAG Bonus Reveals 6th Mystery Chest; Litecoin & Ethereum See Surge

Buyers Pour Millions into BlockDAG as its ‘6th Mystery Chest’ Goes Viral! More on Ethereum…

1 hour ago

Web3Bay, Solana & Tron: Leading the Utility Coin Revolution

The Next Big Crypto Projects: Why You Should Add Web3Bay, Solana, & Tron to Your…

4 hours ago

Last Chance Alert: Join the Best Crypto Presale Now for Top 7 Trending Cryptos

Imagine securing a stake in the next big cryptocurrency before it skyrockets. A chance investors…

5 hours ago

Remittix (RTX) Set To Surpass Ripple (XRP) In 2025 With The Dawn Of PayFi—5000% Rally Expected

Ripple (XRP) has certainly been around the crypto market long enough for anyone to have…

5 hours ago

What Are the Top Decentralized Crypto Wallets for This Year?

Master Your Crypto Portfolio: Leading Decentralized Wallets for Maximum Control & Earnings in 2025 With…

5 hours ago