Payment terminal malware steals $3.3m worth of credit card numbers – so far
2022-10-24 22:11

Cybercriminals have used two strains of point-of-sale malware to steal the details of more than 167,000 credit cards from payment terminals.

The security firm's threat intelligence unit identified the C2 server in April, and determined the operators stole payment info belonging to tens of thousands of credit card holders between February 2021 and September 8, 2022.

The MajikPOS and Treasure Hunter malware infect Windows POS terminals and scan the devices to exploit the moments when card data is read and stored in plain text in memory.

Treasure Hunter in particular performs this so-called RAM scraping: it pores over the memory of processes running on the register for magnetic-stripe data freshly swiped from a shopper's bank card during payment.

"Given how rare they are and for how many various fraudulent activities they can be used for, card dumps are usually more expensive than card text data," Shelekhov and Khamchiev said, adding the average price per card dump is about $20.

POS malware has become less popular in recent years as credit card processing systems have evolved to combat the issue.

Even so, POS malware remains a "severe threat" for businesses and individuals where credit cards represent the primary payment processing mechanism, Shelekhov and Khamchiev note.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/24/pos_malware_campaign_steals_33m/