Recent developments surrounding the notorious BlackPOS malware have revealed critical details about its origin. Initially attributed to a 17-year-old known as “ree[4]”, investigations by cybersecurity firm IntelCrawler have identified a 23-year-old hacker named Rinat Shabayev as its original developer.
BlackPOS, also referred to as “reedum” or “Kaptoxa”, has been implicated in the massive breach of credit and debit card information from Target, affecting approximately 110 million customers. This malware served as a formidable crimeware kit, facilitating extensive data theft from the retailer.
An in-depth investigation later revealed the roles of the two individuals involved: while Shabayev authored the original code, Tarasov contributed technical support, further complicating the landscape of culpability. This distinction highlights the evolving nature of cybercrime, where the lines between developer and user can blur.
In a candid interview with Russian news outlet LifeNews, Shabayev confessed to creating the BlackPOS tool but insisted that its intended use was for security testing, not theft. He claimed the software was sold to others, who exploited its capabilities for malicious purposes. This admission underscores the dual-use nature of many cyber tools, where legitimate intentions can lead to significant breaches when misappropriated.
Further complicating this scenario, it has come to light that the same malware may also be linked to the high-profile attack on Neiman Marcus. This connection illustrates the broader implications of BlackPOS in the realm of cybercriminal acts, highlighting a continuity of threat to retail environments.

The scale of the impact is staggering, with over 110 million individuals facing compromised financial security due to this malware. Despite Shabayev’s assertions of innocent intent, the reality remains that the incorporation of such malware into the criminal landscape has facilitated systemic financial theft. The ramifications of such breaches extend beyond the immediate financial loss, inviting scrutiny into the security practices adopted by businesses vulnerable to these forms of attack.