Cyber criminals are now selling a powerful new strain of Point of Sale (PoS) malware through underground forums.
Like several PoS malware families discovered last year, including vSkimmer and BlackPOS, the new malware is designed to steal payment card data from infected PoS systems, and it supports Tor to hide its C&C (Command and Control) servers.
Pro PoS – Light Weight, Yet Powerful Malware
However, the new malware, dubbed "Pro PoS," is more than just PoS malware.
Pro PoS weighs only 76KB and implements rootkit functionality as well as mechanisms to avoid antivirus detection, according to threat intelligence firm InfoArmor.
What's even more interesting about this malware is…
Pro PoS integrates a polymorphic engine that lets the threat generate a different signature for each malware sample – a measure designed to foil security defences.
InfoArmor warned that cyber crooks were actively using the current version of Pro PoS Solution in an effort to target PoS systems used by large retailers and SMBs in the United States and Canada specifically.
Pro PoS Malware found in the Wild
The developers of the Pro PoS malware are believed to be hackers from Eastern Europe, according to the security firm.
On November 27 (Black Friday), researchers at InfoArmor noticed a significant increase in the price of the Pro PoS Solution, which was offered at $2,600 for a six-month licence.
The developers of Pro PoS have designed their malware so that it infects the principal operating systems, including newer ones, used by companies in the retail environment.