Freely subscribe to our NEWSLETTER

You can see some reports on this malware below:

http://www.pymnts.com/news/security-and-risk/2016/malware-strikes-merchants-behind-the-emv-curve/

https://threatpost.com/pos-malware-tool-treasurehunt-targets-small-us-based-banks-retailers/117014/

Commenting on the EMV angle, George Rice, senior director, payments at HPE Security - Data Security, said:

"First, EMV provides no protection for the transmission of sensitive payment
information to the acquiring bank. After the EMV card validation process, the
cardholder data must be delivered safely to the payment processor. By default, EMV
does not provide ANY protections of data in transit to the processor. Criminals use
POS malware, memory scrapers and other covert technologies to capture all of the
payments data they need from unsuspecting retailers, despite the use of EMV. When
such data breaches occur, retailers pay a hefty toll in the form of lost revenue,
fines and penalties, executive job loss and even board-level lawsuits.

Second, EMV does nothing to stop the use of stolen card information in online and
mobile transactions. Criminals know they can monetise their card data heists by
using the information in card-not-present purchase environments. And for the time
being, criminals can use stolen cardholder data to create and use bogus mag-stripe
cards until EMV has been ubiquitously deployed across the US market. The Merchant
Advisory Group estimates that only 20 percent of 13.9 million POS devices at U.S.
merchant locations will be EMV capable by October or shortly thereafter."