Connect with us

Hi, what are you looking for?


Malware & Threats

U.S. Leads Way in PoS Malware Infections in Q3: Trend Micro

The United States is at the top of the list of countries with the most infections of point-of-sale (PoS) malware during the third quarter of the year, according to research from Trend Micro.

The United States is at the top of the list of countries with the most infections of point-of-sale (PoS) malware during the third quarter of the year, according to research from Trend Micro.

In its threat report for Q3, Trend Micro reported that the U.S. accounted for 30 percent of PoS malware infections. The next three places on the list – Taiwan, Philippines and Italy – each accounted for six percent of infections.

“Early this year, one of the largest retail companies in the U.S. disclosed that approximately 40 million consumer credit and debit card information was compromised as a result of a breach in its systems,” according to the report. “Not long afterward, Home Depot topped that record when it disclosed that more than 100 million customer records that included credit card information was stolen as a result of a payment systems breach. The threat actors behind these breaches attacked the retailers’ point-of-sale (PoS) systems. BlackPOS was implicated in the incident reported early this year, while BlackPOS version 2 was used in the Home Depot breach. This further indicates that PoS networks are highly accessible and vulnerable.”

The report identified three new pieces of PoS malware that were spotted during the third quarter: BrutPOS (Tibrun), Backoff (POSLOGR) and BlackPOS Version 2 (MEMLOG).

Recently, researchers at Trend Micro identified a new piece of PoS malware detected by the firm as TSPY_POSLOGR.K that is designed to read the memory associated with specific processes written in the .INI file. It then saves the data to files named “rep.bin” and “rep.tmp.”

“Based on the other PoS malware behaviors we observed, it appears to be designed as multicomponent malware similar to an earlier BlackPOS variant named TSPY_MEMLOG.A, as it might require another component to retrieve the dumped data,” Anthony Joe Melgarejo, threat response engineer at Trend Micro, explained in a blog post. “It is highly possible that this is deployed as a package.”

The report also noted a spike in online banking malware infections between the second and third quarters. As in the case of PoS malware, the United States was the most affected country, accounting for about 13 percent of infections.

Advertisement. Scroll to continue reading.

“Our findings confirm that we are battling rapidly moving cybercriminals and evolving vulnerabilities simultaneously,” said Raimund Genes, CTO at Trend Micro, in a statement. “With this fluidity, it’s time to embrace the fact that compromises will continue, and we shouldn’t be alarmed or surprised when they occur.  Preparation is key and as an industry we must better educate organizations and consumers about heightened risks as attacks grow in volume and in sophistication. Understanding that cybercriminals are finding vulnerabilities and potential loopholes in every device and platform possible will help us confront these challenges so technology can be used in a positive way.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.