{"id":36393,"date":"2020-08-01T10:00:27","date_gmt":"2020-08-01T10:00:27","guid":{"rendered":"http:\/\/2e43433c-5a1d-4502-844f-17d58015beac"},"modified":"2020-08-01T10:00:27","modified_gmt":"2020-08-01T10:00:27","slug":"author-of-fastpos-malware-revealed-pleads-guilty","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/author-of-fastpos-malware-revealed-pleads-guilty\/","title":{"rendered":"Author of FastPOS malware revealed, pleads guilty"},"content":{"rendered":"

A 30-year-old Moldovan man pleaded guilty on Friday for creating FastPOS, a strain of malware designed to infect computers processing payment card data from Point-of-Sale (POS) systems.<\/p>\n

Valerian Chiochiu, known in the hacking world as “Onassis” (after the Greek shipping magnate who married Jacqueline Kennedy), was part of the Infraud criminal organization.<\/p>\n

Infraud was a hacking forum that was founded in 2010 and operated as a place for hackers to meet and exchange services. The forum first operated at infraud.cc and infraud.ws, and was primarily known as a place where hackers could sell or buy stolen payment card numbers, stolen identities, and buy, sell, or rent malware and DDOS attacks.<\/p>\n

The forum operated under the slogan of “In Fraud We Trust” and had more than 11,000 registered members.<\/p>\n

According to the US Department of Justice, Chiochiu sold the FastPOS malware on the forum, and then provided support for paying customers.<\/p>\n

His “business” stopped when US authorities seized and took down the forum in February 2018<\/a>. US authorities charged 36 members and arrested 13, but Chiochiu was not among the members in the first wave of arrests — having been arrested at a later undisclosed date.<\/p>\n

\"infraud-organization-v11.png\"<\/span>
<\/span> Image: DOJ <\/span><\/figcaption><\/figure>\n

Last month, Sergey Medvedev (Infraud username “Stells”), one of the two Infraud administrators, pleaded guilty<\/a> for his involvement in the forum.<\/p>\n

<\/section>\n

Chiochiu now becomes the second Infraud member to plead guilty for his crimes and is scheduled to be sentenced on December 11, later this year.<\/p>\n

The FastPOS malware<\/h3>\n

As for Chiochiu’s creation, the FastPOS malware was first discovered by Trend Micro in 2016. In a PDF report<\/a> released at the time, Trend Micro said the malware had three main components: (1) a memory scrapper that collected payment card data from the computer’s RAM; (2) a keylogger for recording user key strokes; and (3) a self-updating mechanism.<\/p>\n

At the time, Trend Micro said it believed it identified the FastPOS author on an online forum asking for help with their (keylogger component) code.<\/p>\n

\"fastpos-code-help.png\"<\/span>