LusyPOS Malware Detection

Critical Nessus Plugin ID 80457

Synopsis

Nessus detected a malicious process on the remote host.

Description

The remote host is running LusyPOS, a point-of-sale (POS) malware that uses memory scraping techniques and the Tor network to exfiltrate data.

Solution

Remove the infection or restore the system from a known set of good backups.

See Also

http://securitykitten.github.io/lusypos-and-tor/

Plugin Details

Severity: Critical

ID: 80457

File Name: lusypos_detect.nbin

Version: $Revision: 1.111 $

Type: remote

Family: Backdoors

Published: 2014/01/12

Modified: 2018/06/06

Dependencies: 70621, 70329

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Vulnerability Publication Date: 2014/12/01