Contrary to reports that a BlackPOS malware variant was used against Home Depot, it doesn’t appear that the malware is part of the same threat family, a researcher claims.
According to a blog post written by Nuix principal security consultant Josh Grunzweig, the malware samples differ too greatly.
Last week, Brian Krebs reported that a new strain of BlackPOS was used to target Home Depot customer card data, much as saboteurs wielding the malware did at Target last December.
Grunzweig found that BlackPOS was written with a Windows subsystem, while the supposed variant “was written with a console option.” Furthermore, malware installation methods were different between the samples, along with techniques used to obfuscate dumped card data and exfiltrate stolen information. BlackPOS also enumerates processes differently than the malware being linked to the Home Depot breach, he said.