The malware is called Treasurehunt and it was developed by a group of hackers that go by the name of Bears. The experts say Treasurehunt is hard to detect and it finds its way onto POS terminals using stolen credentials or through brute force password attacks.
According to Nart Villeneuve, principal threat intelligence analyst at FireEye, the Bears group is very active in selling stolen credit card data and they are the only group using Treasurehunt malware, making it hard for security professionals to identify it.
FireEye reports that the POS malware is custom-built and once a system has been corrupted, the Treasurehunt malware can extract payment card information from the POS computer system’s memory and transmit data to a command and control server operated by Bears.
While some cybercriminals are seeking to develop ways to exploit chip and PIN, other cybercriminals are looking to take advantage of memory scraping POS malware while it still works, added Villeneuve.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now