CIP Cyber

Newest malware ‘Treasurehunt’ stealing Payment card data of Americans


Black hat hackers have developed a new piece of malware, ‘Treasurehunt’, which extracts payment card data from memory after enumerating the running processes. After extracting the payment card data, Treasurehunt forwards it to a command and control (CnC) server. Once a victim's data is stolen, the hackers sell the extracted details on black markets.

There have been many pieces of malware similar to Treasurehunt, which black hat hackers label as point-of-sale (POS) malware in their underground forums. Last year, security researchers found more than a dozen pieces of POS malware.

“Target” was one of the many big corporations targeted by these black hat hackers last year; the attack forced the retail giant to upgrade its systems. But not every business can afford the new certified systems because of their sky-high cost, and that has given hackers a big opportunity. That is why small businesses have now become the primary target of these criminals.

FireEye, a cyber security firm, was the first to discover this newest malware, which is targeting thousands of U.S. citizens all over the country. Security researcher Nart Villeneuve said in a FireEye blog post, “Criminals appear to be racing to infect POS systems in the United States before U.S. retailers complete this transition”.

He further wrote, “In a typical scenario, Treasurehunt would be implanted on a POS system through the use of previously stolen credentials or through brute forcing common passwords that allow access to poorly secured POS systems.”
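A defender-side illustration of the infection path described above, added here as an example and not taken from FireEye or the original article: it flags remote logins that succeed right after a burst of failed attempts from the same address. The log format, function name and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "timestamp RESULT user=... src=..." format.
SAMPLE_LOG = """\
2016-03-28T02:14:01 FAIL user=admin src=203.0.113.7
2016-03-28T02:14:03 FAIL user=pos src=203.0.113.7
2016-03-28T02:14:05 FAIL user=pos1 src=203.0.113.7
2016-03-28T02:14:08 FAIL user=manager src=203.0.113.7
2016-03-28T02:14:11 FAIL user=pos1 src=203.0.113.7
2016-03-28T02:14:15 OK user=pos1 src=203.0.113.7
2016-03-28T08:59:40 FAIL user=clerk src=198.51.100.20
2016-03-28T08:59:55 OK user=clerk src=198.51.100.20
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source address)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def guessed_logins(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return successful logins preceded by at least `threshold` failures
    from the same source address inside `window`."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = parse(line)
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if result == "FAIL":
            recent.append(ts)
        elif result == "OK":
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": user,
                               "time": ts.isoformat(), "failures": len(recent)})
            recent.clear()          # a success resets the count for this source
    return alerts

if __name__ == "__main__":
    for alert in guessed_logins(SAMPLE_LOG):
        print(alert)
```

A login made with previously stolen credentials produces no failure burst, so it will not appear here and needs a separate signal such as an unfamiliar source address or an unusual login time.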


POS malware such as Treasurehunt is easily available on the dark web to anyone willing to pay the right price. The tools available for free on the dark web are often not as effective as the purchased ones: they are mostly outdated, or their source code may have been disclosed, which makes them easier for security software to detect. An average of 60 million shoppers in the U.S. and Canada have been affected by payment system hacks in the past two years.



CIP Cyber Staff


CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.
