It has been reported that over 4,000 ElasticSearch servers were found hosting PoS (Point of Sale) malware strains. The infections detected data as far back as 2016, with the latest infections observed as recently as August 2017. Nearly 99% of the infected servers are hosted in Amazon Web Services (AWS), according to security experts. The two malware strains – AlinaPOS and JackPOS – are very popular among cybercriminals and have been around since 2012. However, Kromtech security researchers, who uncovered the two malware strains hosted on ElasticSearch servers, also discovered that the two strains are now up for sale on dark web hacking forums and are being actively distributed, despite having been initially released several years ago.
ORIGINAL SOURCE: IB Times