New POS malware targets retailers via job applications

Seven simple steps to better cybersecurityI wrote last month about recruiters being targeted by malware-infested job applications. FireEye now reports the discovery of a new point-of-sale (POS) malware, spread via phishing emails purportedly applying for jobs with retailers.

FireEye has named this new malware NitlovePOS.

An indiscriminate spam campaign, which started last week – on May 20 – has been targeting retailers with phishing emails. The email ‘from’ addresses were spoofed Yahoo! Mail accounts, and the ‘subject’ lines were the sort you’d expect to see from job applicants (e.g. ‘Any Jobs?’ ‘Any Openings?’, ‘Internships?’).

The phishing email came with an attachment – ostensibly a resumé – embedded with a malicious macro. Recipients opening the attachment unwittingly downloaded malicious executables, which then downloaded an array of malware payloads – including NitlovePOS, which can capture and exfiltrate track one and track two payment card data by scanning the running processes of infected machines.

If you receive an unsolicited job application, think twice before opening the attached resumé.


All organizations that store, transmit or process payment cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI-compliant organizations have just over a year – until June 30, 2016 – to implement new security controls, but considering the growing threat of malware to POS systems, we advise them to comply with PCI DSS v3.1’s requirements sooner rather than later.

IT Governance is a PCI Qualified Security Assessor (QSA), and provides a wide range of products to help your organization achieve and maintain compliance with the PCI DSS, including guidebookse-learning and classroom-based staff training, a documentation toolkit, and consultancy support.

For more information on PCI DSS compliance, and to learn how IT Governance can help you protect your data, email us at or call us on 1-877-317-3454.