Date: 2022-10-27

Cybercriminals used two point-of-sale malware strains to steal around 167,000 credit cards at payment terminals. The malware was discovered by researchers at cybersecurity firm Group-IB.

According to the researchers, the point-of-sale (PoS) malware strains are named MajikPOS and Treasure Hunter. The analysis reported that the cybercriminals were able to extract credentials, and that after the attacks they could earn up to $3.34 million if they decide to sell the information on underground forums.

MajikPOS is the successor to the Treasure Hunter malware and started to become popular in early 2017 as it affected North American companies.

“Almost all PoS malware strains have similar card dump extraction functionality, but different methods for maintaining persistence on infected devices, exfiltration and data processing,” said researchers Nikolay Shelekhov and Said Khamchiev.

Group-IB identified that between February and September 2022, command and control (C2) servers associated with both MajikPOS and Treasure Hunter were responsible for compromising 77,428 and 90,024 one-time payment records. Most of the stolen cards were issued by banks in the US, which account for 97% of withdrawals, followed by Puerto Rico, Peru, Panama, UK, Canada, France, Poland, Norway and Costa Rica.

To date, threat intelligence experts at Group-IB have not identified the origin of the cybercriminal group.

