Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:04:59 UTC
Home > List all groups > List all tools > List all groups using tool LockPOS
 Tool: LockPOS
Names LockPOS
Category Malware
Type POS malware, Credential stealer
Description
(Cylance) LockPOS is a point-of-sale malware discovered in 2017 that is used to
exfiltrate payment card data from targeted point-of-sale systems’ memory. The most
recent version of LockPOS examined here changed its injection technique to drop the
malware directly to the kernel to evade detection and bypass traditional antivirus (AV)
hooks.
Information
Malpedia AlienVault OTX Last change to this tool card: 24 May 2020
Download this tool card in JSON format
All groups using tool LockPOS
Changed Name Country Observed
Unknown groups
 _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d309aab8-3ff4-4f80-8d7f-a1834714fac9
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d309aab8-3ff4-4f80-8d7f-a1834714fac9
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d309aab8-3ff4-4f80-8d7f-a1834714fac9
Page 2 of 2

Unknown groups _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown) 
   Page 1 of 2