The Trojan horse that ruined Christmas for Target

Blame that massive Target hack on the 21st century’s Trojan horse. 

A phony program known as Trojan.POSRAM is to blame for the December data hack that exposed the personal information of upwards of 70 million Target shoppers, a heist that extracted everything from names and phone numbers to mailing addresses and personal emails.

According to iSight Partners, a cyber intelligence company that read an internal report produced by the U.S. Secret Service, the code was derived from a similarly effective piece of malware known as BlackPOS, developed last year in Russia, and a few “other malicious tools to penetrate networks.” Those additional tools made Trojan.POSRAM more advanced: The program’s technology allowed it to go completely undetected by antivirus programs.

Once in, the program monitored and subsequently siphoned data stored on Target’s system through a series of memory extractions on payment application programs. iSight cybercrime analyst Jayce Nichols said the individual components of the entire program aren’t exactly highly sophisticated, but its overall composition is. 

“While some components of the breach operation were technically sophisticated,” iSight writes in its own report about the malware, “the operational sophistication of the compromise activity makes this case stand out. The intrusion operators displayed innovation and a high degree of skill in orchestrating the various components of the activity.”


Chase Hoffberger


Chase Hoffberger reported on YouTube, web culture, and crime for the Daily Dot until 2013, when he joined the Austin Chronicle. Until late 2018, he served as that paper’s news editor and reported on criminal justice and politics.