Exclusive: Trojan apparently infects NCR, posing possible supply-chain risk

String of ATMs seen at Hartsfield-Jackson Atlanta International Airport. A trojan infected NCR Corporation, potentially posing a supply chain risk to customers of the popular point-of-sale and ATM software developer. (Photo by: Jeffrey Greenberg/Universal Images Group via Getty Images)

A trojan infected NCR Corporation, potentially posing a supply chain risk to customers of the popular point-of-sale and ATM software developer, the CEO of cybersecurity firm Prevailion exclusively told SC Media.


Prevailion CEO Karim Hijazi identified the malware as Lethic, an old botnet threat that dates back to roughly 2008. While traditionally it has been used to distribute spam, it has full trojan capabilities, including remote access, lateral movement, and the downloading of additional payloads. While Lethic is not new to the scene, Hijazi noted that such malware is often repackaged so that conventional anti-virus tools won’t catch it.


Hijazi said Prevailion, which monitors malicious command-and-control communications over the internet, witnessed more than 180 days of C2 beaconing activity stemming from an IP address traced to NCR in Atlanta, home to the tech company’s headquarters.


“It’s been going on for an incredibly long time from our perspective… and it looks like there’s been even ..
