Threatstream Labs came across an interesting FrameworkPOS sample that given it is two months old, it’s digitally signed and its certificate hasn't been revoked.
FrameworkPOS is a malware family that targets POS (Point of Sale) terminals and its main objective is to steal credit card data from them in order to be sold in the black market. This blogpost is divided in two sections.
The first section aims to analyze the malware's capabilities e.g.: c2 connectivity, encoding mechanisms and overall system activity. The
second section will provide an analysis on campaign information that was gathered throughout the research.