
More details about alleged 17-year-old Russian BlackPOS Malware Author released

2014-01-20 02:05:00
Pierluigi Paganini
thehackernews.com


Security experts at _IntelCrawler_ have provided an interesting new update on the BlackPOS malware author: he forgot to delete his social networking profile even after the last exposure by the investigators.

As we reported a few days ago, the intelligence firm IntelCrawler has identified a 17-year-old teenager, known as “Ree[4]” in the underground market, as the author of the BlackPOS/Kaptoxa malware used in the attacks against the retailers Target and Neiman Marcus.

The teenager is not directly responsible for the Target attack, but he sold BlackPOS to other cyber gangs; his clients included the admins of underground credit card marketplaces such as “.rescator”, “Track2.name”, “Privateservices.biz” and many others.

Who is Ree[4]?

IntelCrawler exposed REE[4]'s original profile as _Sergey Taraspov_, a 17-year-old Russian programmer based in St. Petersburg and Nizhniy Novgorod (Russian Federation).

Before both breaches, IntelCrawler detected large-scale RDP brute-forcing attacks on point-of-sale terminals across the US, Australia and Canada, which started in the winter at the beginning of 2013 and used weak passwords such as:

> “pos”:“pos”;
> “micros”:“micros” (MICROS Systems, Inc. - Point-of-Sale Hardware);
> “edc”:“123456” (EDC - Electronic Draft Capture).
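
A defender-side check for the brute-forcing pattern described above, added here as an example that is not from the article or from IntelCrawler: it flags sources with bursts of failed RDP logons against the default POS account names listed and reports any success that followed. The CSV log layout, sample lines, threshold, window and function name are constructed assumptions; 4625 and 4624 are the Windows failed and successful logon event IDs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Account names taken from the weak pairs listed in the article.
POS_DEFAULT_USERS = {"pos", "micros", "edc"}
RDP_LOGON_TYPES = {"10", "3"}  # 10 = RemoteInteractive, 3 = Network (RDP with NLA)

# Constructed sample (assumed layout): time,event_id,logon_type,user,source
SAMPLE_LOG = """\
2013-02-03T01:10:02,4625,10,pos,203.0.113.7
2013-02-03T01:10:05,4625,10,micros,203.0.113.7
2013-02-03T01:10:09,4625,10,edc,203.0.113.7
2013-02-03T01:10:14,4625,10,POS,203.0.113.7
2013-02-03T01:10:20,4624,10,pos,203.0.113.7
2013-02-03T08:59:41,4625,2,cashier1,-
2013-02-03T09:00:03,4625,10,manager,198.51.100.20
2013-02-03T14:30:00,4625,10,micros,192.0.2.55
"""

def find_rdp_bruteforce(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return alerts keyed by source for bursts of failed RDP logons
    against POS default accounts, noting any success that followed."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        if logon_type not in RDP_LOGON_TYPES or user.lower() not in POS_DEFAULT_USERS:
            continue
        bucket = {"4625": failures, "4624": successes}.get(event_id)
        if bucket is not None:
            bucket[src].append((datetime.fromisoformat(ts), user.lower()))
    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = peak = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            first = events[0][0]
            alerts[src] = {
                "peak_failures": peak,
                "users": sorted({u for _, u in events}),
                # A success after the first failure suggests a guessed password.
                "success_after": sorted({u for t, u in successes[src] if t > first}),
            }
    return alerts

if __name__ == "__main__":
    print(find_rdp_bruteforce(SAMPLE_LOG))
```

A non-empty `success_after` list is the case to escalate first, since it means a default account accepted a logon from a source that had just been guessing.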

After the last report from the ‘IntelCrawler’ team, we noticed reactions from a few security researchers who cast doubt on the investigation and on the details of Ree[4]'s profile.

Today we have another exclusive update and more evidence from the security researchers at _IntelCrawler_ on the author of BlackPOS. The author of BlackPOS is the bad actor with the nickname “ree4” or “ree[4]”; he started to sell this malware on an underground forum called “Exploit.in”, as the following screenshot suggests:

[Image: BlackPOS Malware author]

Although the author of the BlackPOS malware is a cyber expert, it seems that he ignored the power of social networking platforms and the possibility of using them for OSINT (open-source intelligence) purposes.

The popular Russian social networking website ‘VKontakte’ has a profile with the same nickname as the BlackPOS author. Obviously, this is not a body of evidence.

To collect more evidence, the researchers at IntelCrawler noted that one of the interests mentioned on that profile is “coding”, and they also matched the profile's email address through the option to recover a password by email:

[Image: BlackPOS Malware author]

According to operative information from IntelCrawler, the person behind the nickname “ree[4]” is Rinat Shibaev, working closely with Sergey Taraspov, who was acting as his technical support, having roots in St. Petersburg (Russian Federation), a very well-known coder of malicious code in the underground community.

Let’s wait for new updates from Andrew Komarov, Dan Clements and the experts at IntelCrawler.