Author of BlackPOS is a Russian teenager, researchers say
Posted on 20.01.2014
As the number of active attacks on US merchants continues to rise (we're up to six now), InterCrawler CEO Andrew Komarov believes he has discovered the identity of the author of the BlackPOS malware, modified versions of which have apparently used in the Target and Neiman Marcus breaches.

He scoured underground forums for information about the malware and says that BlackPOS was initially dubbed "Kaptoxa" ("potatoe" in Russian slang), its first version was created in March 2013, and its creator is a 17-year-old from St. Petersburg that goes by the online handle "Ree[4]" ("ree4").

Since then, the teenager has apparently sold over 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries, including the owners of underground credit cards shops, claims Komarov. He also says that several copies of the malware were sold by the teenager in the form of source code, and that he has modified the malware on demand in various occasions.

He was apparently asking $2,000 for the malware, or occasionally a percent of the stolen info. He also seems to have started his career as hacker by offering social account hacking services and by teaching others how to mount DDoS attacks.

InterCrawler researchers have also tied this malicious actor with a VK social profile, and posit that he might be one of a group of hackers with roots in St. Petersburg.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st