Payment terminal virus has so far stolen credit card numbers worth $3.3 million.

More than 167,000 credit card numbers were stolen from payment terminals by cyber criminals using two POS malware variants. The loot might earn the criminals

[{"selector":"#anim-56381ffd-8327-4cad-a248-965f744accae","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-1c0dddc2-2801-4bbd-9009-76b420c44f91","keyframes":{"transform":["translate3d(0px, 186.27846%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

up to $3.3 million if it were sold on dark web forums.According to Nikolay Shelekhov and Said Khamchiev of Group-IB, the backend command-and-control (C2) server that runs

[{"selector":"#anim-e51f8423-ee3c-444d-b9af-162db9a835cb","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-07983e4d-629a-4dfc-8c89-66a8793222e3","keyframes":{"transform":["translate3d(0px, 161.57965%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

the MajikPOS and Treasure Hunter malware is still operational, and "the number of victims is expanding." The threat intelligence division of the security company discovered

[{"selector":"#anim-f03d7f55-0ee0-4282-85e6-f1ac416ca5e7","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-565a3039-2753-4153-9907-43ef4509749e","keyframes":{"transform":["translate3d(0px, 138.13659%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

[{"selector":"#anim-627e218c-5d31-419b-8bff-dded017df0ff","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7d92f637-fe18-4813-80c1-1ea1f72341f4","keyframes":{"transform":["translate3d(0px, 163.65867%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] the C2 server in April and discovered that between February 2021 and September 8, 2022, its operators stole payment information from tens of thousands of credit card customers.

Nearly 90% of the victims are Americans, and US banks issued their credit cards. Infected Windows POS terminals are scanned by the MajikPOS and Treasure Hunter malware

[{"selector":"#anim-edcac91f-c3f9-4e71-9b45-77e9928560c5","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-cfd9697f-dd7d-42e0-897e-1c8f6f0329a6","keyframes":{"transform":["translate3d(0px, 168.34491%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

in order to take advantage of the times when card data is read and stored in plain text in memory. This so-called RAM scraping is specifically carried out by Treasure Hunter,

[{"selector":"#anim-0cc4eb10-f951-47a4-a4fa-fedbb4e385d1","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-e2135152-06be-48d3-9cd7-930da7f810f0","keyframes":{"transform":["translate3d(0px, 178.44714%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

which searches through the memory of program running on the register for magnetic-stripe data that was recently swiped from a customer's bank card upon payment.

[{"selector":"#anim-cc2b0055-f531-45f4-a17d-490048e5f852","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b2bd085a-d172-4c65-9161-af48003327d1","keyframes":{"transform":["translate3d(0px, 158.56760%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Businesses may take steps to prevent POS malware infestations, just like they can with other security lapses. The main recommendation is to implement a tight password policy.

[{"selector":"#anim-cb848db4-4195-44dd-bf5f-ca99e3bfd3c8","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-0a732aca-4fb7-4b9d-8368-e504c53106f7","keyframes":{"transform":["translate3d(0px, 148.22821%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]