Malware Strikes Merchants Behind The EMV Curve

Cybersecurity firm FireEye warns of the dangers that custom-built malware poses to retailers due to its ability to capture payment card details directly from retail point-of-sale (POS) systems.

In an article posted to its research blog on Monday (March 28), FireEye warned about POS malware called TREASUREHUNT, which it said is designed to enumerate running processes, extract payment card data from memory and then transmit the stolen information to a command-and-control server.

“In the world of POS threats, there has been a rise in both underground offerings, as well as new malware found in active use. The demand is likely due to the ongoing transition to EMV chip-and-PIN technology in the United States, which will eventually render these techniques largely useless,” Nart Villeneuve of FireEye explained. “While some cybercriminals are looking ahead in an effort to develop ways to exploit chip-and-PIN (as well as near-field communication technologies), many cybercriminals are looking [to] take advantage of memory-scraping POS malware while it still works.”

As more companies continue to move forward with chip-enabled card acceptance, FireEye said it expects to see cybercriminals increasingly shift their efforts to smaller retailers and banks.

FireEye Threat Intelligence reported that, since 2015, there has been huge growth in the number of POS malware families, with more than a dozen discovered last year alone.