This new malware attack is starting to circulate.  It features a new capability to export data externally, so that attackers no longer need to log in locally to retrieve compromised credit card details

http://blogs.cisco.com/security/talos/POSeidon

http://www.computerworld.com/article/2900310/new-malware-program-poseidon-targets-pointofsale-systems.html

Retailers beware: A new Trojan program targets point-of-sale (PoS) terminals, stealing payment card data that can then be abused by cybercriminals.  The new malware program has been dubbed PoSeidon by researchers from Cisco’s Security Solutions (CSS) team and, like most point-of-sale Trojans, it scans the RAM of infected terminals for unencrypted strings that match credit card information — a technique known as memory scraping.

This sensitive information is available in plain text in the memory of a PoS system while it’s being processed by the specialized merchant software running on the terminal. Security experts have long called for the use of end-to-end encryption technology to protect payment card data from the card reader all the way to the payment service provider, but the number of systems with this capability remains low.

Unlike other PoS memory scrapers that store captured payment card data locally until attackers log in to download it, PoSeidon communicates directly with external servers and can update itself automatically. It also has defenses against reverse engineering. “PoSeidon is another in the growing number of Point-of-Sale malware targeting PoS systems that demonstrate the sophisticated techniques and approaches of malware authors,” the CSS researchers said. “As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families.”