RtPOS is a point-of-sale (PoS) malware discovered by Booze Allen Hamilton that is unique compared to other popular PoS malware. The malicious program only comes with two arguments, install and remove, which are responsible for installing and removing the malware from the victim's machine. Its primary function is to watch a PC’s RAM for a text patterns indicative of credit card numbers that, if found, is stored locally on the infected machine in a DAT file. PtROS does not contain any native exfiltration capabilities, leaving researchers to believe the malware is still in development. Additionally, it is possible that this is a post-compromise tool instead of a standalone malware, meaning it may be part of a bigger campaign.
- Booze Allen Hamilton provides more technical information on RtPOS, here.
Source: Bleeping Computer