Security researchers at Trustwave have uncovered a new point of sale (PoS) malware threat called Punkey that has already infiltrated some organisations.
Punkey was uncovered during a law enforcement investigation that involved Trustwave. The malware has evolved since that time, and there are now three variants.
This suggests that it has been adopted by more than one hacking group or is being tailored to specific retail targets.
Punkey can search for and steal personal details, and has what Trustwave described as the "rare" ability to update and alter its capabilities remotely.
"This gives Punkey the ability to run additional tools on the system such as executing reconnaissance tools or performing privilege escalation. This is a rare feature for PoS malware," wrote Eric Merritt on the Trustwave SpiderLabs blog.
Merritt said that he was able to pick elements of the malware apart by using the same readily available encryption tools that were employed by the author.
This revealed the ability to send payment card numbers, and to collect and encrypt 200-character codes, and send them back to a command and control server.
PoS malware was flagged as a serious concern in Dell's 2015 Security Annual Threat Report, which said that attacks on such systems have "surged" in recent months and that the situation needs addressing.
"Malware targeting PoS systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise," said Patrick Sweeney, executive director for Dell Security.
"To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as re-examine their data policies with partners and suppliers."
One company with experience of the impact of PoS attacks is Home Depot, a US retailer that suffered a crippling attack on its checkout systems.
Trustwave is in the process of being acquired by Singapore firm Singtel in a deal worth $810m.