Researchers at Anomali detected a new FrameworkPOS campaign that the company says is gaining momentum.
This new malware strain looks like former iterations and uses the same naming conventions, but based on Anomali's analysis of purloined credit card data, the new version, dubbed gpr1, apparently uses only track 2 data, while earlier versions also used track 1 data.
So far, 300 credit card records have been siphoned from two victims, Anomali said. One target might be a small business based in Honolulu while the other apparently is headquartered in Chicago.
The attacks contain references to PoS software named ALOHA. The researchers believe this could either be a coincidence, as the software might simply happen to be installed already, or an indication that the attackers are specifically targeting this platform.
Over the past few months, FrameworkPOS has been dormant, Anomali said. But evidence points to the actors behind this malware being "active and well."