In a security alert published on Thursday, US payments processor Visa revealed that two North American hospitality merchants were hacked and had their system infected with point-of-sale (POS) malware earlier this year.
POS malware is designed to infect Windows systems, seek POS applications, and then search and monitor the computer's memory for payment card details that are being processed inside the POS payments apps.
"In May and June 2020, respectively, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the independent compromises of two North American merchants," Visa said.
The US payments processor didn't name either of the two victims due to non-disclosure agreements involved in investigating the incidents.
Visa published on Thursday a security alert [PDF[1]] with a description of the two security breaches and the malware used in the attacks in order to help other companies in the hospitality sector scan their networks for indicators of compromise.
June hack: Hackers used three different POS malware strains
Of the two incidents, the second one that occurred in June is the most interesting, from an incident response (IR) perspective.
Visa said it found three different strains of POS malware on the victim network — namely RtPOS[2], MMon (aka Kaptoxa)[3], and PwnPOS[4].
The reason why the malware gang deployed three malware strains is unknown, but it could be that attackers wanted to make sure they get all the payment data from across different systems.
Visa, which also provides incident response services in financial crime-related breaches, said the intruders breached the hospitality firm's network, "employed remote access tools and credential dumpers to gain initial access, move laterally, and deploy the malware in the POS environment."
The payments processor wasn't able to determine how the intruders breached the company's network