Suvarna Garge (Editor)

MultigrainMalware


A new, sophisticated point-of-sale (POS) memory-scraping malware called “Multigrain” was discovered on April 17, 2016 by the security company FireEye Inc. Multigrain belongs to the NewposThings malware family. It is similar to the NewposThings, FrameworkPOS and BernhardPOS malware, which were already known as notorious malware.

Process of Multigrain malware

Multigrain uses the Luhn algorithm to validate credit and debit card details. This POS malware then infects the computer and blocks Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) traffic, which is monitored for data exfiltration. It exfiltrates the scraped credit and debit card information via the Domain Name System (DNS), sending the collected payment card information to a command and control server.
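A defender's view of the DNS exfiltration described above, as an added example that is not from the original article: it flags clients that send many long, high-entropy subdomains to one parent domain. The log format, domain names and thresholds are constructed assumptions, as is the premise that the data is carried in the query's subdomain labels.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log ("<client> <qname>"); all names are placeholders.
SAMPLE_LOG = """\
10.0.5.21 www.example.test
10.0.5.21 mail.example.test
10.0.5.21 mzxw6ytboi2gk3dpnbswy3dpeb3w64tmmq4tqmrr.cdn.example
10.0.5.40 updates.vendor.example
10.0.5.40 k7q2hv5xjd3pwa6nrtbz4gyce2m7xq5lfuvo3sia.sink.example
10.0.5.40 p3wz6fmh2cxn7ybq4udk5tgra6je2vlo4sxi7hcm.sink.example
10.0.5.40 t5nb2yqk6ewj3vhc7xzm4dgpr2fu6las3oiq7knw.sink.example
"""

# Heuristic thresholds (assumptions; tune against your own baseline).
MIN_UNIQUE = 3      # distinct subdomains per client and parent domain
MIN_LEN = 30        # mean characters in the subdomain part
MIN_ENTROPY = 3.5   # mean Shannon entropy, bits per character


def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_dns_exfil(log_text):
    """Return sorted (client, parent_domain) pairs that look like DNS exfiltration."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part to carry data
        # Simplification: treat the last two labels as the registered domain.
        subs[(client, ".".join(labels[-2:]))].add("".join(labels[:-2]))
    flagged = []
    for key, names in subs.items():
        mean_len = sum(map(len, names)) / len(names)
        mean_ent = sum(map(entropy, names)) / len(names)
        if len(names) >= MIN_UNIQUE and mean_len >= MIN_LEN and mean_ent >= MIN_ENTROPY:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    print(find_dns_exfil(SAMPLE_LOG))
```

The single long label sent to cdn.example is not flagged because one query does not meet the distinct-subdomain threshold, which keeps hash-named content hosts from alerting on their own.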

Targets one POS platform

Multigrain specifically targets the Windows point-of-sale system that has a multi.exe executable file. If Multigrain gets into a POS system that does not have multi.exe, it deletes itself without leaving any trace.
