Point-of-sale malware

5 Most Dangerous Point-Of-Sale Malware For Retail Stores

Point-of-sale (POS) malware is developed to steal valuable retail transaction data from POS terminals. The data it targets can include the cardholder's name, primary card number, discretionary data, PINs, etc. That data is then sent to another server. Cybercriminals search the stolen data for credit card information, which they sell or use to make fraudulent purchases.

Retail businesses must address and solve this serious problem in a timely manner. Otherwise, you might run into trouble that can break your entire business. Here are the top 5 most common and dangerous point-of-sale malware you need to be careful of.


BlackPOS, also known as the interprocess communication hook malware, is a kind of spyware program. It was first introduced and used in the huge Target POS breach in 2013. BlackPOS can be installed on Windows devices and steals data from debit or credit cards.

Any POS computing device can easily be infected if the retail owner does not regularly update its operating system and remove virus programs. Bear in mind that cybercriminals can program BlackPOS to stay hidden on your computer and steal data only during a certain period of time. As a result, everything may appear fine, with no suspicious signs, while your systems in fact have a serious problem.

POS malware targets POS terminals


TreasureHunt was custom-built POS malware based on the technique of memory scraping. It extracts credit card data from the memory of POS terminals in retail stores whose swipe systems are out of date. Once the cybercriminals obtain the credit card data, they send it to a command and control (CnC) server and sell it.


NitlovePOS is a new malware that gains access to hosts compromised via indiscriminate spam campaigns on Internet Explorer and scans the running processes of a machine. It can then capture and gather track one and track two payment data, which is later sent to a web server using SSL.


Cybercriminals developed this malware to steal not only credit card numbers from POS system memory but also keystrokes. It can scan RAM for credit cards issued by Discover, Visa, MasterCard and AMEX, then encrypt them and send them to predefined Russian servers. Even after the user has logged off, this malware can still run in memory thanks to its clouding techniques.

POS malware steals customer's credit card data


MalumPOS is another point-of-sale malware that can steal or scrape credit and debit card data on systems running the Oracle MICROS payment system. Usually, hackers send it to the POS computers and disguise it as "Nvidia Display Driver" or "Nvidia Display Driv3r". After stealing customer data once the cards are swiped, the hackers use that data to empty customers' bank balances or sell the information on the black market.

All in all,

Point-of-sale malware is a huge problem for all modern businesses that have adopted POS devices. To avoid these problems and minimize their negative impact, retailers can use techniques such as whitelisting technology, code signing or chip readers to protect all transactions in their stores. Retailers should also consider integrating their hardware with highly secured POS software and other third-party service providers.
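The sketch below is an added example, not code from this article or from any POS vendor. It applies the whitelisting idea above to the disguise described for MalumPOS: a service is allowed only if both its name and the hash of its binary are approved, and look-alike names such as "Driv3r" are flagged. The service inventory, the placeholder binary contents and the substitution table are constructed assumptions.

```python
import hashlib

# Constructed allowlist: approved service name -> SHA-256 of the approved binary.
# Digests come from placeholder bytes, not from real driver or POS files.
APPROVED = {
    "nvidia display driver": hashlib.sha256(b"approved-driver-bytes").hexdigest(),
    "pos payment service": hashlib.sha256(b"approved-pos-bytes").hexdigest(),
}

# Assumed digit/symbol substitutions used to imitate a trusted name.
LEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(name):
    """Lower-case, undo look-alike substitutions, collapse whitespace."""
    return " ".join(name.lower().translate(LEET).split())

NORMALIZED_APPROVED = {normalize(k) for k in APPROVED}

def classify(display_name, binary_bytes):
    """Return 'allowed', 'hash-mismatch', 'lookalike' or 'unknown'."""
    exact = " ".join(display_name.lower().split())
    digest = hashlib.sha256(binary_bytes).hexdigest()
    if exact in APPROVED:
        # A trusted name can be copied, so the binary must match as well.
        return "allowed" if digest == APPROVED[exact] else "hash-mismatch"
    if normalize(display_name) in NORMALIZED_APPROVED:
        # Matches a trusted name only after undoing substitutions.
        return "lookalike"
    return "unknown"

# Constructed inventory of (service display name, binary contents).
SERVICES = [
    ("NVIDIA Display Driver", b"approved-driver-bytes"),
    ("Nvidia Display Driver", b"unapproved-bytes"),
    ("Nvidia Display Driv3r", b"unapproved-bytes"),
    ("POS Payment Service", b"approved-pos-bytes"),
    ("Print Spooler Helper", b"other-bytes"),
]

def audit(services):
    """Return every service that a default-deny allowlist would block."""
    return [(n, v) for n, b in services if (v := classify(n, b)) != "allowed"]

if __name__ == "__main__":
    for name, verdict in audit(SERVICES):
        print(f"BLOCK {verdict:<13} {name}")
```

Checking the binary hash as well as the name is what catches the second entry, which copies the trusted name exactly.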

For more information about eCommerce and technology, don’t forget to follow our page. And if you are looking for a highly-secured POS system, ConnectPOS is definitely what you need. Feel free to contact us anytime!
