FireEye researchers spotted a point-of-sale (POS) malware dubbed TreasureHunt that appears to have been custom-built for a “dump shop” that sells stolen credit card data.
The malware enumerates running processes, extracts payment card information from memory, and then transmits this information to a command and control (CNC) server, according to a Mar. 28 blog post.
Cyber crooks are looking to take advantage of memory-scraping POS malware like TreasureHunt before more secure chip and PIN technologies render the data-scraping techniques obsolete, researchers said in the blog. There are currently about 1.2 million merchants that accept the 600 million chip cards now used in the United States.
The researchers said cybercriminals often gain access to POS systems to implant the malware using previously stolen credentials or brute-force login attempts with common passwords.