Researcher disputes report BlackPOS used in Home Depot, Target attacks

12 September 2014
A security researcher has found that the malware used in the Home Depot breach is unrelated to the malware used in the Target breach, so it cannot be used as an indicator that the same group is behind the attacks.

An analysis of the malware code revealed no similarities in architecture or technique that would show the software is even from the same family, Josh Grunzweig, principal security consultant for enterprise search company Nuix, said Friday.

"With coding, there's a lot of different ways to essentially reach the same goal," Grunzweig said. "When you look at the two samples, pretty much every single decision was in the exact opposite when it came to approach."

Grunzweig's analysis contradicts a KrebsOnSecurity report this week that variants of the BlackPOS malware were used in both attacks. Brian Krebs, a former Washington Post reporter, writes the blog.

Late last month, security vendor Trend Micro reported that BlackPOS variants were being used to attack retailers, such as Target, but did not say the same malware was used against Home Depot.

BlackPOS was designed by a Russian teenager to steal credit- and debit-card data from retailers' electronic payment systems. The malware source code has been available since 2012.