Even if you are the type of person who rarely shops online for security reasons, hackers could steal credit card information by infecting point-of-sale (POS) terminals at stores, gas stations, and other retail locations with malware

According to a new report from Cybernews, hackers were able to steal 167,000 credit card numbers and other payment records from unsuspecting customers by using POS malware While this financial data could be used to commit fraud, cybersecurity firm Group-IB estimates that the criminal hackers could make as much as $33 million just by selling these stolen credit card numbers on the dark web

In April 2022, the company's researchers discovered the command-and-control (C2) server used by the MajikPOS malware However, the C2 server's administration panel also contained data from another POS malware called Treasure Hunter

Despite the C2 server and its admin panel still being active at the time of this writing, Group-IB shared its findings with a US-based financial threat sharing organization and law enforcement agencies within that organization

Unlike traditional malware that infects PCs or mobile malware that infects smartphones and tablets, POS malware is used specifically to infect POS devices such as credit card readers used by retailers worldwide [This type of malware aims to steal data stored on the magnetic or magstripe of a credit card However, as chip-embedded credit and debit cards and tap-to-pay become more popular, POS malware is not as common as it used to be for hackers and other cybercriminals to take advantage of

When data is stolen from credit cards by POS malware, it is sent back to a C2 server controlled by the attacker Fortunately, the magnetic stripe does not contain the card's Card Verification Value (CVV) number, so this stolen information cannot be used to make purchases online

After discovering the C2 servers used by the hackers behind the MajikPOS and Treasure Hunter POS malware, Group-IB researchers used the IP addresses contained on the servers to identify the states with the most instances of infected POS devices in They found

According to the blog post, from February to September of this year, Illinois and Missouri had the most MajikPOS-infected devices with 10 each, followed by Massachusetts and Texas with 5 each, and Florida, New York, and Louisiana with 3 each Texas had 12 POS terminals infected with the Treasure Hunter POS malware, followed by Florida with 10, and New York and South Carolina with five each

According to Group-IB threat intelligence data, hackers made $908 million selling compromised credit card data between April 2021 and April of this year, at an average price of $20 per credit card

While on a PC you can install one of the best anti-virus software solutions to protect yourself from malware and one of the best Android anti-virus apps to protect your Android smartphone from malware, It is difficult to protect yourself from POS malware because it is the company, not the customer, that is responsible for securing the POS device

For this reason, Trend Micro recommends in a blog post that consumers regularly monitor all their financial accounts for signs of suspicious activity It is also worth investing in the best identity theft protection services because they can help you recover lost funds and recover your identity if they are stolen

The best way to avoid credit card skimmers, which are often installed at gas stations and ATMs to steal card information, is to fill up your car at a well-lit gas station with adequate security Before using the machine, you should take a quick look to see if it has been tampered with You want to make sure that the card reader is not loose or damaged and that no part of the machine is a different color Similarly, if the keypad is difficult to press or the numbers seem thicker than normal, a fake keypad may have been installed

Using a mobile wallet is another way to avoid credit card skimming and POS malware, but if you are really worried, you can always pay with cash instead of using a card

With the introduction of chip and tap-to-pay making credit cards more secure, POS malware will not lose its popularity among hackers Nevertheless, the need to be aware of and vigilant against malware in the real world is a certainty