The massive data breach at Target during the 2013 holiday shopping season which the retailer now admits affected 70 customers used an inexpensive “off the shelf” malware available online for as little as $1,800, reports ."
"The malware was surreptitiously installed on the embedded Windows OS computers on the point of sale (POS) terminals in all of Target’s U.S. stores. The company’s Canadian outlets apparently use a different software system and were not targeted in the attacks.
Although the magnetic stripe information is encrypted on its way out of these POS terminals on its way to the financial institutions for verification, the data is briefly stored in plain text in the unit’s RAM (memory.) Thus, the malware “scrapes” this info from the RAM and stores it until it can be retrieved in batches through a persistent remote connection."