Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values

ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.

What makes the backdoor distinctive are its downloadable modules and their capabilities. One of them – named GetMicInfo – contains an algorithm designed to gather database passwords by decrypting them from Windows registry values. This shows that the backdoor’s authors have deep knowledge of the targeted software and opted for this sophisticated method instead of collecting the data via a simpler yet “louder” approach, such as keylogging.

Exfiltrated credentials allow ModPipe’s operators access to database contents, including various definitions and configuration, status tables and information about POS transactions.

However, based on the documentation of RES 3700 POS, the attackers should not be able to access some of the most sensitive information – such as credit card numbers and expiration dates – which is protected by encryption. The only customer data stored in the clear and thus available to the attackers should be cardholder names.

This would limit the amount of valuable information viable for further sale or misuse, making the full “business model” behind the operation unclear.

[Figure: Overview of ModPipe backdoor architecture]

Downloadable modules

Probably the most intriguing parts of ModPipe are its downloadable modules.