The tandem of the TinyLoader backdoor and a point-of-sale (PoS) threat, AbaddonPOS, was reportedly first seen in November 2015. When we noticed a sudden spike in AbaddonPOS detections this January, TinyPOS, another PoS malware strain, also reared its ugly head at the same time. This prompted us to probe these threats further and check whether they are in any way related to one another.
Our analysis reveals that TinyLoader, a backdoor used for secondary malware infection, is distributing and managing the upgrades of AbaddonPOS. Likewise, TinyLoader is also spreading TinyPOS variants. This leads us to conclude that the operators behind TinyPOS and AbaddonPOS are one and the same.
In this technical brief, we’ll discuss the ties that bind TinyLoader to two notorious PoS threats, AbaddonPOS and TinyPOS, including how the perpetrators behind this operation deployed their arsenals.