
Infostealer.Posteal


First posted on 28 February 2015.
Source: Symantec

Aliases:

There are no other names known for Infostealer.Posteal.

Explanation:

The Trojan may arrive through another threat that has already compromised the computer.

When the Trojan is executed, it reads the memory of existing processes and gathers track one and two data from credit cards.

The Trojan avoids reading the memory of the following processes: svchost.exe, spoolsv.exe, Explorer.exe, ctfmon.exe, ntvdm.exe, alg.exe, cmd.exe, smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe, wininit.exe, taskhost.exe, conhost.exe, Dbgview.exe, wscntfy.exe, wuauclt.exe, inetinfo.exe, PSEXESVC.exe, winvnc4.exe

The Trojan then saves the stolen credit card data to the following file: [PATH TO MALWARE]\tracks.txt

Last update 28 February 2015

 
