Cherry Picker POS malware spotted in wild: Trustwave

Researchers at Trustwave spotted point-of-sale (POS) malware dubbed “Cherry Picker,” which they say is unique because it uses configuration files, encryption, obfuscation and command-line arguments to avoid detection.

Researchers identified the malware being used to target the food industry and said it can target virtually any POS software to steal credit card information as well as privileged credentials to remotely access a customer's network, according to a Trustwave blog that will post on Nov. 13.

The malware uses a new memory scraping algorithm, a file infector for persistence and cleaner malware that removes all traces of the infection from target systems, making the malware harder to detect, Trustwave Security Researcher Eric Merritt told SCMagazine.com.

Merritt said a less sophisticated version of the malware was first spotted by Trustwave in 2010.
