Cherry Picker - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 15:59:59 UTC
Home > List all groups > List all tools > List all groups using tool Cherry Picker
 Tool: Cherry Picker
Names
Cherry Picker
Cherry Picker POS
CherryPicker POS
cherrypickerpos
cherrypicker
cherry_picker
Category Malware
Type POS malware, Credential stealer
Description
(Trustwave) For the last five years Trustwave has been monitoring a threat across a
number of forensic cases that we have dubbed 'Cherry Picker'. This targeted Point of
Sale (PoS) memory scraper has enjoyed a very low detection rate in the wild for quite
some time. Cherry Picker uses a new memory scraping algorithm, a file infector for
persistence, and cleaner malware that removes all traces of the infection from target
systems. This sophisticated functionality and highly targeted victims have helped the
malware remain under the radar of many AV and security companies. This post will
expose the functionality of Cherry Picker and hopefully help organizations provide
protection from this threat.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022
Download this tool card in JSON format
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=617bd0a3-821e-43b4-9619-a6fd084d1439
Page 1 of 2

All groups using tool Cherry Picker
Changed Name Country Observed
Unknown groups
  _[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=617bd0a3-821e-43b4-9619-a6fd084d1439
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=617bd0a3-821e-43b4-9619-a6fd084d1439
Page 2 of 2