LusyPOS also been advertised on an underground carding website, where people buy and sell stolen payment card data, said Brian Minick, vice president at CBTS security company. Security researchers said that LusyPOS works by infecting point-of-sale machines in retail locations, and then collecting payment card details which are momentarily held in the PoS’s RAM before encryption till the sale is made. In geek language this is called “scraping” and the PoS is momentarily vulnerable when the un-encrypted as the PoS is in a ‘handshaking’ mode with the bank’s terminal. After the malware collects the data it is transmitter to the remote Command and Control server of the malware handlers. The handlers then acess the data and either sell it on underground forums or employ foot soldiers across the globe to buy luxury items and sell them for profit. LusyPOS is fairly new, as malware researchers Nick Hoffman and Jeremy Humble noted on the Security Kitten blog, but it seems to share code with other point-of-sale malware families such as Dexter and Chewbacca. Brian of CBTS also confirmed that it seemed pretty new, “It’s the first we’ve seen of it,” Brian said. “It looks pretty new.” Another characteristic of LusyPOS malware is that it uses Tor for communication, which encrypts content making it difficut for the security researchers and law enforcement agencies to track the masterminds behind the malware. The first sample of LusyPOS was submitted to VirusTotal on 30th November as per Brian. He also added that LusyPOS was only detected by seven applications and wo of those applications flagged LusyPOS for its use of a Tor package.