A Websense report called attention to the attack group's distinctive approach in using the Zeus variant.
“This is most definitely not a mass malware infection, but rather one that is targeting businesses specifically in the wholesale trade sector – very much different than a typical Zeus infection that is evenly distributed across industries such as financial, government and healthcare. This creates yet another risk indicator that we may be looking at a targeted campaign focused on POS applications,” the report said.
Malware with RAM-scrapping capabilities would offer attackers another means of siphoning financial data from users, as was the case with malware dubbed, POSRAM which struck Target's point-of-sale systems.
Websense tracked the influx of POS application crashes in November, and found that a clothing retailer in the Eastern U.S. was infected with the Zeus variant.