Privacy, Malware, Identity, Data Security

US most impacted by recent point-of-sale malware attack

More than 167,000 payment records have been exfiltrated by threat actors in a point-of-sale malware campaign leveraging the Treasure Hunter and MajikPOS strains since February 2021, with most of the stolen data obtained from U.S.-based devices, reports CyberScoop. Eleven U.S. companies have been impacted by the campaign, which has amassed information worth over $3.3 million from February 2021 to Sept. 8, 2022, a study from Group-IB showed. While initial attacks only involved a Treasure Hunter malware variant, attackers began using the more advanced MajikPOS malware with an encrypted communication channel with a command-and-control functionality early this year. Nearly 77,400 unique credit cards have been observed in the MajikPOS panel, more than 75,000 of which were from credit card issuers in the U.S., while 86,441 of the more than 90,000 cards found in the Treasure Hunter panel were from U.S. issuers. "Given that the malware remains active at the time of writing this blog, the number of victims keeps growing," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.