With so much money flowing from consumers to retailers around the holiday shopping season, it's no surprise that hackers and thieves want to get a cut. There are plenty of ways to do that, but one of the most effective is point-of-sale malware.
This type of virus infects a store's POS terminal, captures every card swipe and PIN entry, and sends the information off to hackers. This was what happened in just about every retailer data breach from Target two years ago to the Starwood Hotels & Resorts data breach that was just revealed. However, it now appears the viruses behind these breaches were amateur work, and security researchers have just discovered the real threat.
It's called ModPOS, and it's been actively stealing card information from retailers and consumers since at least 2013, but no one has spotted it until now. That's because while other malware programmers boast online about their scores, sell what they've stolen, or offer their viruses for sale, the ModPOS team, which is based in Eastern Europe, has flown under the radar. Security experts say there's no mention of this malware anywhere on the Internet.
Not only that, ModPOS' sophisticated code has security experts impressed. It is programmed for serious stealth and security. Not only did it stay hidden for years, unraveling how it works has taken researchers weeks. Other POS malware typically takes less than an hour to break down.
So far there's no information about what retailers ModPOS might have infected. In fact, it's so well hidden, many retailers might still not know it's there. Fortunately, now that security experts have cracked it, it will be easier to detect.
Still, it's likely already stolen millions of credit cards. In an ironic twist, much of that card information is now outdated thanks to replacements shipped after the other more easily detected data breaches of the last two years. However, with everyone swiping their new cards this season, who knows what the ModPOS hackers will get.
One way to stay safe is to only shop at retailers that use POS systems that support EMV cards, or cards with chips in them. Learn how these types of cards make you safer against POS attacks. You can also try using Apple Pay or Android Pay on your smartphone.