A Department of Homeland Security report has fingered new malware it calls Mozart in the security breach at Home Depot.
According to a story in The Wall Street Journal, the DHS report said the malware was tailored to attack the home improvement retailer’s systems. The report, which was based on information gathered in the Secret Service’s investigation of the breach, said that the word Mozart appeared in the software’s code and may have referenced the hacker’s system, the WSJ quoted sources as saying.
In early September reports surfaced suggesting that the same malware that struck Target’s point-of-sale systems over the holidays was also used to target Home Depot’s systems.
Security journalist Brian Krebs revealed the information, saying that, in the Home Depot incident, a new variant of the malware in question, BlackPOS, was used. Krebs, who uncovered the Target breach last December as well as the breach at Home Depot earlier this month, has tracked both incidents closely.
Citing a source close to the Home Depot probe, Krebs said that the new strain of BlackPOS, also known as “KAPTOXA,” infected “at least some of Home Depot’s store registers.”
But about a week later, Josh Grunzweig, Nuix principal security consultant at Nuix, challenged contentions that BlackPOS malware variant was used against Home Depot, saying the malware didn’t appear to belong to the same threat family.
In a blog post, Grunzweig said the malware samples differ too greatly.
The Home Depot breach put 56 million credit and debit cards at risk. The company is now fending off lawsuits, with two class actions filed within the last week. And, recently, reports of fraudulent transactions being made as a result of the breach have surfaced.