LusyPOS Malware Detection

critical Nessus Plugin ID 80457

Synopsis

Nessus detected a malicious process on the remote host.

Description

The remote host is running LusyPOS, point-of-sale (POS) malware that uses memory-scraping techniques and the Tor network to exfiltrate data.

Solution

Remove the infection or restore the system from a set of known good backups.

See Also

http://securitykitten.github.io/lusypos-and-tor/

Plugin Details

Severity: Critical

ID: 80457

File Name: lusypos_detect.nbin

Version: 1.230

Type: remote

Family: Backdoors

Published: 1/12/2014

Updated: 1/23/2023

Asset Inventory: true

Hardware Inventory: true

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Vulnerability Publication Date: 12/1/2014