Point-of-sale malware (POS malware) is malicious software expressly written to steal customer payment data -- especially credit card data -- from retail checkout systems. Criminals often purchase POS malware to steal customer data from a retail organization with the intention of selling the data rather than using it directly.
There two ways to target a store's customer credit card data: The attacker can infiltrate databases where the data is stored or intercept the data at the point of sale (POS). While there are physical methods that can be used to steal data at these points, those methods require access to the point-of-sale equipment and generally expensive hardware as well. One such method uses an additional reader attached to the store’s card reader. The second device reads and stores track two card data for the swipe payment. Track two magnetic stripe data includes the primary card number and security code, as well as other information such as what types of charges are permitted.
POS malware is a much simpler and less risky way of obtaining that data without ever setting foot on the premises. POS malware is a type of memory scraper that hunts for data in the correct format for track 2 credit card data. This data is only available unencrypted in memory very briefly. However, memory scraping malware is designed to gather it instantly when it is detected. The credit card info is then sent to the attacker’s remote computers, to be subsequently sold on underground sites.
Some examples of POS malware include Chewbacca, Backoff, BlackPOS and Kaptoxa.