Cybercriminals are leveraging a powerful new strain of point-of-sale malware to target the payment systems of retailers this holiday season.
According to threat intelligence firm InfoArmor, the new malware – dubbed “Pro PoS” – is designed to infect the principal operating systems, including newer operating systems, used by companies in the retail environment.
Like several other Point-of-Sale malware families, such as the infamous BlackPoS, Pro PoS is capable of stealing debit and credit card data from infected systems, and hiding its command and control servers (C&C) through the TOR protocol.
At only 76KB, it is also known to implement rootkit functionalities and other mechanisms to avoid detection from common antivirus systems. As The Register further explains:
“Developers of the malware also integrated a polymorphic engine, so that each build has different signatures, for added stealth and as a measure designed to foil security defences.”
InfoArmor adds the “Pro PoS Solution” is currently available for sale in underground forums, costing crooks about $2,600 for a six-month license during last week’s Black Friday sales.
Cybercriminals are reportedly already leveraging the new malware strain to target retailers and small-to-midsize businesses (SMBs) in both the United States and Canada, specifically.
The Pro PoS malware code developers are believed to originate from Eastern Europe, said the security firm.
A recent report by security firm TrendMicro notes that SMBs were heavily hit by malware attacks in Q3 of 2015, with experts estimating the trend to continue well into next year.