TreasureHunt POS malware looks to steal your data before it's too late

Custom TreasureHunt POS malware built for ‘dump shop’ operators to steal data before it’s too late.
Custom TreasureHunt POS malware built for ‘dump shop’ operators to steal data before it’s too late.

FireEye researchers spotted a point-of-sale (POS) malware dubbed TreasureHunt that appears to have been custom-built for a “dump shop” that sells stolen credit card data.

The malware enumerates running processes, extracts payment card information from memory, and then transmits this information to a command and control (CNC) server, according a Mar. 28 blog post.

Cyber crooks are looking to take advantage of memory scrapping POS malware like TreasureHunt before more secure chip and PIN technologies render the data scrapping techniques obsolete, researchers said in the blog. There are currently about 1.2 million merchants that accept the 600 million chip cards now used in the United States.

The researchers said cybercriminals often gain access to the POS systems to implant the malware using previously stolen credentials or brute force login attempts with common passwords.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS