Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:01:15 UTC
Home > List all groups > List all tools > List all groups using tool PwnPOS
 Tool: PwnPOS
Names PwnPOS
Category Malware
Type POS malware, Credential stealer
Description
(Trend Micro) PwnPOS is one of those perfect examples of malware that’s able to fly
under the radar all these years due to its simple but thoughtful construction; albeit not
being future proof. Technically, there are two components of PwnPOS: 1) the RAM
scraper binary, and 2) the binary responsible for data exfiltration. While the RAM scraper
component remains constant, the data exfiltration component has seen several changes –
implying that there are two, and possibly distinct, authors. The RAM scraper goes through
a process’ memory and dumps the data to the file and the binary uses SMTP for data
exfiltration.
Information
Malpedia AlienVault OTX Last change to this tool card: 24 May 2020
Download this tool card in JSON format
All groups using tool PwnPOS
Changed Name Country Observed
Unknown groups
 _[ Interesting malware not linked to an actor yet ]_
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dae9d51-6708-44f3-9253-21bc4262d92f
Page 1 of 2

1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dae9d51-6708-44f3-9253-21bc4262d92f
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dae9d51-6708-44f3-9253-21bc4262d92f
Page 2 of 2