{
	"id": "8733b178-44cb-4f96-97fc-ca589e742c27",
	"created_at": "2026-04-06T00:22:28.772398Z",
	"updated_at": "2026-04-10T03:21:04.279Z",
	"deleted_at": null,
	"sha1_hash": "2e53d3116deb7be26217f19cda6521b42e23d791",
	"title": "Grateful POS (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29898,
	"plain_text": "Grateful POS (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 22:56:06 UTC\r\nPOS malware targets systems that run physical point-of-sale devices and operates by inspecting the process\r\nmemory for data that matches the structure of credit card data (Track1 and Track2 data), such as the account\r\nnumber, expiration date, and other information stored on a card’s magnetic stripe. After the cards are first scanned,\r\nthe personal account number (PAN) and accompanying data sit in the point-of-sale system’s memory unencrypted\r\nwhile the system determines where to send it for authorization.\r\nMasked as the LogMeIn software, the GratefulPOS malware appears to have emerged during the fall 2017\r\nshopping season with a low detection ratio according to some of the earliest detections displayed on VirusTotal. The\r\nfirst sample was uploaded in November 2017. Additionally, this malware appears to be related to the Framework\r\nPOS malware, which was linked to some of the high-profile merchant breaches in the past.\r\n[TLP:WHITE] win_grateful_pos_auto (20251219 | Detects win.grateful_pos.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.grateful_pos",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.grateful_pos"
	],
	"report_names": [
		"win.grateful_pos"
	],
	"threat_actors": [],
	"ts_created_at": 1775434948,
	"ts_updated_at": 1775791264,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2e53d3116deb7be26217f19cda6521b42e23d791.pdf",
		"text": "https://archive.orkl.eu/2e53d3116deb7be26217f19cda6521b42e23d791.txt",
		"img": "https://archive.orkl.eu/2e53d3116deb7be26217f19cda6521b42e23d791.jpg"
	}
}