Point of sale malware campaign targets hospitality and entertainment businesses
Cybercriminals are targeting small and mid-sized businesses (SMBs) that process a lot of card payments with point-of-sale (POS) malware in order to steal customers’ payment card information, researchers with Flashpoint have found.
The malware used in the campaign that mostly targets the hospitality and entertainment industries is dubbed DMSniff. It has been around since at least 2016 but remained largely unnoticed until now. Unlike most POS malware, DMSniff is capable of creating command-and-control domains to send stolen information to, so that attackers have a way of retrieving the info even if their primary domains are taken down by law enforcement.