Cybercriminals are casting increasingly wider nets in their search for new point-of-sale systems to infect. This appears to be the case with a new memory scraping malware program called GamaPoS that’s distributed by a large botnet known as Andromeda.
GamaPoS was recently discovered by security researchers from antivirus vendor Trend Micro, who found systems infected with it inside organizations from 13 U.S. states and Vancouver, Canada.
The program is written in Microsoft’s .NET, which is unusual for RAM scraping malware. These type of threats monitor the memory of point-of-sale systems for payment card data and steal it while it’s being passed from the physical card readers to the commerce applications.