The point-of-sale (POS) malware targets sales systems in hotels and other industries in the US in order to scrape valuable credit card data which can then be used to create cloned cards, empty victim bank accounts or be sold on the black market.
MalumPoS is designed to collect data from POS machines running on Oracle MICROS, a payment system used by restaurants, hotels, the retail sector and the enterprise and is used in approximately 333,000 customer websites worldwide.
MalumPoS is designed to be configurable, which means that threat actors can change or add other POS system processes, targets and areas to be scraped. Aside from Oracle MICROS, Trend Micro says the malware also targets Oracle Forms, Shift4 systems and systems accessed via Internet Explorer.
The malware is also selective when it comes to the types of credit card data scraped and focuses on Visa, MasterCard, American Express, Discover, and Diner’s Club.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now