Visa did not share the name of the two victims but said that one company had three different strains of point-of-sale (POS) malware on its network.
In a security alert published on Thursday, US payments processor Visa revealed that two North American hospitality merchants were hacked and had their system infected with point-of-sale (POS) malware earlier this year. POS malware is designed to infect Windows systems, seek POS applications, and then search and monitor the computer’s memory for payment card details that are being processed inside the POS payments apps. “In May and June 2020, respectively, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the independent compromises of two North American merchants,” Visa said. The US payments processor didn’t name either of the two victims due to non-disclosure agreements involved in investigating the incidents. Visa published on Thursday a security alert [PDF] with a description of the two security breaches and the malware used in the attacks in order to help other companies in the hospitality sector scan their networks for indicators of compromise. Of the two incidents, the second one that occurred in June is the most interesting, from an incident response (IR) perspective.
