Zeus-Derived POS Malware is Still Effective


Dan Ennis CEO

A recent article in Bank Info Security reports on the latest form of POS Malware floating around the deep web called “”flokibot.” Flokibot has been reported to be a manipulation of the Zeus source code that was released in underground forums in 2011.


According to the article, “Flokibot has been modified in several important ways, including adding a redesigned, stealth dropper – software that is used to install malicious code on a compromised system – that’s designed to evade anti-virus scans.” Analysts studying this strain of malware have seen the execution success rate grow from 30% to over 70% due to this manipulation.


This isn’t the first Zeus-derived malware that has targeted POS systems and it likely won’t be the last. So, what can an organization that deals in payment-card data do to protect themselves from these manipulations that evade anti-virus and their existing security measures?


Malware Protection with Protector POS


Trusted Knight’s Protector is the industry’s first-of-its-kind, patented, proactive defense against the full-range of POS malware strains. Protector provides protection for Windows-based systems (including WIN CE) and Android, against POS crimeware threats by assuming all machines are compromised and when installed preventing the specific functions of POS malware techniques.


Because detection via anti-virus is not a viable option in many cases, Protector stops the malware from collecting or exfiltrating cardholder data and effectively protects POS terminals and systems from allowing cyber criminals from stealing card data.


Learn more about how Protector stops POS Malware in our Malware Protection white paper.