U.S. retailers are hunting for evidence of new breaches leading into the holiday shopping season after a cyber intelligence firm privately warned them about payment-card-stealing malware that it said evades almost all security software.
"This is by far the most sophisticated point-of-sale malware seen to date," said Maria Noboa, lead technical analyst for privately held iSight Partners, which uncovered the malware and was due to release a technical report about it on Tuesday.
The firm had shared information about the malware, dubbed ModPOS, with clients in October, and briefed dozens of companies, including retailers, hospitality companies and payment-card processors, about its dangers.
Read More: Costco, Other Retailers Take Photo Centers Offline After Possible Breach
Retailers began hunting for the malware in the approach to this week's unofficial launch of the holiday shopping season, the busiest time of the year for most merchants, according to the Retail Cyber Intelligence Sharing Center (R-CISC), an industry group set up this year to fight hackers.
Retailers have been fending off increasingly sophisticated payment-card theft schemes for more than a decade. The biggest breaches to date include a notorious 2013 holiday-shopping-season attack on Target Corp and a major breach at Home Depot Inc , each of which compromised tens of millions of payment card numbers.
ISight declined to say how it uncovered the ModPOS threat or name any targeted retailers.
Read More: Kmart Becomes Latest Retailer to Report Data Breach