An alleged payment cards breach against the American DIY chain Home Depot involved the same malware as that used against the retailer Target, according to sources who spoke to security blogger Brian Krebs.
A report on Kerbs website claimed that BlackPOS, also called Kaptoxa, had infected store registers, enabling card details to be stolen upon swiping.
A new strain of the malware was discovered in the wild by security firm Trend Micro in late August, and is said to have improved card capturing capacity and the ability to disguise itself as an antivirus component.
Rhena Inocencio, threat response engineer at Trend Micro, said: "In one the biggest data breach we’ve seen in 2013, the cybercriminals behind it, offloaded the gathered data to a compromised server first while a different malware running on the compromised server uploaded it to the FTP.
"We surmise that this new BlackPOS malware uses the same exfiltration tactic."
Alongside the capacity to steal card details the malware also contains links to media hostile to the US, including a cartoon of a matchbox emblazoned with the American flag stood alongside Molotov cocktails bearing the flags of Ukraine, Syria, Egypt and Libya.
A previous investigation by Krebs linked the cybercriminal Rescator responsible for selling card details taken from Target to propaganda supporting Libyan despot Muammar Gaddafi.
Home Depot has released a statement saying it is investigating unusual activity in conjunction with banks and police, but has not confirmed a breach.
The attack on Target during the winter of last year is thought to have cost the retailer $148m, and prompted the departure of the firm’s chief information officer and chief executive.