Point-of-sale (PoS) units are being targeted by persistent and elusive malware, according to the networking firm Cisco.
Nicknamed Poseidon, the malware family improves on previous PoS malware with the ability to survive system reboots and the use of several techniques to avoid detection.
Talos, a threat research unit within Cisco, said: "Incidents involving PoS malware have been on the rise, affecting many large organisations as well as small mom-and-pop establishments and garnering a lot of media attention.
"The presence of large amounts of financial and personal information ensures that these companies and their retail PoS systems will remain attractive targets."
Once installed on a system, Poseidon establishes contact with a command and control (C&C) server to download further malicious material, which includes a keylogger that scans the PoS system for credit card numbers.
When these are found, the malware encodes both the keystrokes and the numbers before sending them to an exfiltration server, where they become available for hackers to exploit or sell on.
Analysis by Cisco also showed that two of the components in the malware share significant functions, suggesting to the company that the hackers have created software libraries that can be reused across projects.
"As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families," Talos said.
"Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats."