Cybercrooks are selling a new strain of potent Point of Sale malware through underground forums.

“Pro PoS” weights in at just 76KB and packs mechanisms to frustrate antivirus analysis, as well as root-kit functionality, according to threat intelligence firm InfoArmor.

Developers of the malware also integrated a polymorphic engine, so that each build has different signatures, for added stealth and as a measure designed to foil security defences.

InfoArmor warns that the current version of “Pro PoS Solution” is in active use in attacks against retailers and SMBs in the US and Canada specifically. The malware was put together by eastern European coders.

Black Friday (27 November) brought significant updates, as well as a price increase to $2,600 for a six-month licence.

Cybercrooks urged to splash the Bitcoins and go Pro

Publicity around the hack of hotel chains – such as Hilton, Starwood and Trump over recent weeks and months – have spurred efforts among crooks to develop new Point of Sale malware.

Active support of TOR protocol for secure and anonymous communications between the infected victims and Command and Control (C&C) servers has become a must-have feature.

Cybercrooks also are monitoring OS trends in retail sector by supporting new operating systems as they come online, specifically those used in modern backoffice systems in retail environments. ®