Last week, security researchers from Arbor Networks released a report on the Soraya POS malware. They included various hashes and values, which allowed other researchers to study the malware. Arbor Networks did not include the source code of the Soraya POS malware. The Soraya POS malware that was found shares similarities with the Dexter and Zeus families.
The Soraya Source code
The security researchers from RedSocks (The Netherlands) have done a quick sweep on the Soraya malware. We had some contact with RedSocks, as they are experienced malware hunters, and asked them if they could provide additional information on the Soraya POS malware.
The RedSocks security researchers provided incredibly valuable information about the Soraya POS malware. They were able to find the ‘Soraya Source code’.
Take a look at the following screenshots, which were taken from a malicious Soraya POS malware server.
The cybercriminals behind the Soraya malware are using WordPress environments to host the Soraya C&C malware.