Beware of PoS malware! It can secretly steal your credit card details

Two point-of-sale (PoS) malware strains were recently operationalised by hackers, who stole over 167000 credit card details. You too could be under threat.

Updated on: Oct 26 2022, 19:10 IST
PoS malware could access credit card details and steal money from your account. (REUTERS)

New malware has reportedly been operationalised by hackers and is stealing victims' credit card data. The two point-of-sale (PoS) malware strains have already stolen information related to over 167000 credit cards from multiple payment platforms. As reported, Singapore-headquartered cybersecurity company Group-IB has shared that the stolen data dumps could earn the hackers as much as $3.34 million when sold on underground forums.

The malware is reportedly aimed at gathering payment data, relying on JavaScript sniffers (aka web skimmers) to steal card text data such as bank card numbers, expiration dates, owners' names, addresses and CVVs from eCommerce websites. Last month, Kaspersky reported on new tactics adopted by a Brazilian threat actor named Prilex, which steals money via fraudulent transactions. It said, "Almost all PoS malware strains have a similar card dump extraction functionality, but different methods for maintaining persistence on infected devices, data exfiltration and processing." Most of the malware operations targeted credit cards issued by banks in the U.S., Puerto Rico, Peru, Panama, the U.K., Canada, France, Poland, Norway, and Costa Rica.

How does PoS malware work?

As explained by Group-IB, point-of-sale (PoS) malware is a type of malicious software designed to attack PoS terminals with the aim of stealing payment data stored on the magnetic stripes (magstripes) on the back of bank cards. The website noted that PoS malware has become less popular due to the protection mechanisms embedded in modern credit card processing systems in most countries, but it is still in operation. It remains a severe threat to individuals and businesses in the abovementioned regions, as well as in places where credit cards with magstripes are used for payment. As per the report, the USA is a desirable target for threat actors stealing magstripe dumps.


First Published Date: 26 Oct, 15:22 IST