A newly discovered version of the BlackPoS malware affecting point-of-sale (PoS) systems masquerades as a service of an antivirus product to avoid detection.
Further modifications have been added to the threat, which now integrates a different method for listing all processes running on the affected machine. It now relies on CreateToolhelp32Snapshot API call for the job that was previously carried out through the EnumProcesses API call.
Security researchers at Trend Micro say that the new Bl…