TrojanSpy:Win32/Ploscato.G
Aliases: Trojan/Win32.Inject (AhnLab); W32/Trojan.UJCW-0182 (Command); Backdoor.Win32.Bandok.afo (Kaspersky); W32/FwPOS.EBD!tr (Fortinet); Win32/Spy.POSCardStealer.AD trojan (ESET); BackDoor-FCEC!81FCD8CDF218 (McAfee); Infostealer.Reedum.D (Symantec); TSPY_MEMLOG.B (Trend Micro)
Summary
Windows Defender detects and removes this threat.
This threat targets point-of-sale (POS) machines. It can steal credit and bank card information being processed by the local machine.
It is usually involved in attacks against a specific target or company.
This threat is highly targeted point-of-sale theft malware. Detections of this threat should be investigated thoroughly.
Depending on the situation, large quantities of credit or bank cards processed by the infected workstations could have been stolen. There is a good probability that account credentials and other network resources are compromised.