Security firm FireEye says it has discovered a botnet that is sniffing out point-of-sale systems and using brute force techniques to hack them and steal card data.
The BrutPOS botnet, comprising more than 5000 machines, scans specified IP address ranges for remote desktop protocol (RDP) servers that have weak or default passwords in an effort to locate vulnerable POS systems.
In a blog post, FireEye says that it found five command and control servers used by the botnet, two of which were still active and gave the firm some insight into the scam.
During a two week period, crooks managed to access 60 POS systems, working their way in by taking advantage of poor usernames such as 'administrator' and passwords like 'pos' and Password1'.
Warns FireEye: "While new malware and more advanced attacks are taking place, standard attacks against weak passwords for remote administration tools presents a significant threat."