Point-of-Sales Soraya malware

POS Soraya malware

Researchers from Arbor Network have recently discovered a new variant of the Zeus malware. The point-of-sales Soraya malware has some similarities to the older Dexter malware, which infects PoS systems.

The Dexter malware is known for it’s memory scraping functionality.

Soraya has the ability to steal payment card information from memory and then sends that data off to a remote C2 server.

Online Soraya malware

On the Web side, Soraya can grab payment card data from forms as they’re submitted to sites, something that the Zeus malware family has perfected over the years. The combination of the PoS memory scraping functionality and the form-grabbing feature makes Soraya something new on the malware landscape, Bing said.

The origin of the Soraya malware

The name Soraya is a Persian female name. It may refer to:

  • Soraya Tarzi (Wife of King Amanullah Khan of Afghanistan)
  • Soraya Esfandiary-Bakhtiari (Second wife of Mohammed Reza Pahlavi of Iran) also know as Queen Soraya

Command and Control Communication

Screenshots Soraya malware