He scoured underground forums for information about the malware and says that BlackPOS was initially dubbed "Kaptoxa" ("potatoe" in Russian slang), its first version was created in March 2013, and its creator is a 17-year-old from St. Petersburg that goes by the online handle "Ree" ("ree4").
Since then, the teenager has apparently sold over 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries, including the owners of underground credit cards shops, claims Komarov. He also says that several copies of the malware were sold by the teenager in the form of source code, and that he has modified the malware on demand in various occasions.
He was apparently asking $2,000 for the malware, or occasionally a percent of the stolen info. He also seems to have started his career as hacker by offering social account hacking services and by teaching others how to mount DDoS attacks.
InterCrawler researchers have also tied this malicious actor with a VK social profile, and posit that he might be one of a group of hackers with roots in St. Petersburg.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.