Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:37:39 UTC
Home > List all groups > List all tools > List all groups using tool NitlovePOS
 Tool: NitlovePOS
Names
NitlovePOS
nitlove
Category Malware
Type POS malware, Credential stealer
Description
(FireEye) The NitlovePOS malware can capture and ex-filtrate track one and track two
payment card data by scanning the running processes of a compromised machine. It then
sends this data to a webserver using SSL.
We believe the cybercriminals assess the hosts compromised via indiscriminate spam
campaigns and instruct specific victims to download the POS malware.
Information <https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.html>
Malpedia <https://malpedia.caad.fkie.fraunhofer.de/details/win.nitlove>
AlienVault OTX <https://otx.alienvault.com/browse/pulses?q=tag:nitlovepos>
Last change to this tool card: 28 December 2022
Download this tool card in JSON format
All groups using tool NitlovePOS
Changed Name Country Observed
Unknown groups
  _[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0ae1012e-3697-4c28-a12e-d469fecf9f58
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0ae1012e-3697-4c28-a12e-d469fecf9f58
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0ae1012e-3697-4c28-a12e-d469fecf9f58
Page 2 of 2

Unknown groups _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown) 
   Page 1 of 2