Alina POS - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-02 11:09:50 UTC
 Tool: Alina POS
Names
Alina POS
Track
alina_eagle
alina_spark
aline_joker
katrina
Category Malware
Type POS malware, Reconnaissance, Credential stealer
Description
(Trustwave) Alina is a well-documented family of malware used to scrape Credit Card (CC)
data from Point of Sale (POS) software. We published a series of in-depth write-ups on the
capabilities Alina possesses as well as the progression of the versions. Xylitol has a nice write-up on the Command and Control (C&C) aspects of Alina.
Information
Malpedia Last change to this tool card: 02 July 2020
Download this tool card in JSON format
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4682195b-5e67-4d26-bde7-1d915344b84f
Page 1 of 2

All groups using tool Alina POS
Changed Name Country Observed
APT groups
  Operation Black Atlas [Unknown] 2015  
1 group listed (1 APT, 0 other, 0 unknown)
↑
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4682195b-5e67-4d26-bde7-1d915344b84f
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4682195b-5e67-4d26-bde7-1d915344b84f
Page 2 of 2