The malware has been dubbed "Dexter" after a string contained in some of its files, and it is still unknown how it infects affected systems.
Seculert researchers shared that over 30 percent of the compromised POS systems use Windows Server editions, which does not point to the usual web-based social engineering or drive-by download infection methods.
According to the researchers, Dexter is custom-made malware that steals the process list from the infected machines, while simultaneously parsing memory dumps of processes related to specific POS software in search of Track 1/Track 2 credit card data.
The stolen data is sent to a remote server operated by the criminals, then used to clone credit cards and steal money from the victims' accounts.
"Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware," the researchers said, pointing out the "beauty" of the scheme.