ModPipe malware decrypts Oracle database passwords

A new malware named ModPipe that is targeting Oracle Micros Hospitality RES 3700 point-of-sale systems has been discovered recently. ModPipe is a backdoor that steals passwords for the PoS system databases by decrypting them from Windows registry values. ModPipe uses a modular architecture to extend its feature through its components. Researchers at ESET found several basic ModPipe components - GetMicInfo - steals database passwords, ModScan - runs scans on specified addresses, and ProcList - enumerates running processes and their modules. Read more...