Payment terminal virus has so far stolen credit card numbers worth $3.3 million.

More than 167,000 credit card numbers were stolen from payment terminals by cyber criminals using two POS malware variants. The loot might earn the criminals up to $3.3 million if it were sold on dark web forums.

According to Nikolay Shelekhov and Said Khamchiev of Group-IB, the backend command-and-control (C2) server that runs the MajikPOS and Treasure Hunter malware is still operational, and "the number of victims is expanding." The security company's threat intelligence division discovered the C2 server in April and found that between February 2021 and September 8, 2022, its operators stole payment information from tens of thousands of credit card customers.

Nearly 90% of the victims are Americans whose credit cards were issued by US banks. Infected Windows POS terminals are scanned by the MajikPOS and Treasure Hunter malware in order to take advantage of the times when card data is read and stored in plain text in memory. This so-called RAM scraping is specifically carried out by Treasure Hunter, which searches through the memory of programs running on the register for magnetic-stripe data that was recently swiped from a customer's bank card upon payment.

Businesses can take steps to prevent POS malware infections, just as they can with other security lapses. The main recommendation is to implement a strict password policy.