A Windows Point-of-Sale (POS) malware has been discovered using the DNS protocol to smuggle stolen credit cards to a remote server under attacker’s control. The Alina POS malware is installed on point of sale systems to monitor for payments using credit cards. When a payment is processed on a remote terminal or the local machine, the malware will scrape the credit card information from the computer’s memory and send it to a command and control server operated by the attackers. The attackers collect the data and use it to make fraudulent purchases, clone credit cards, or sell the data on dark web marketplaces.
Source: https://www.bleepingcomputer.com/news/security/windows-pos-malware-uses-dns-to-smuggle-stolen-credit-cards/