The BlackPOS malware is not hidden or cloaked by any type of rootkit technology. It does exhibit some of the common malware characteristics, but it also does not behave like other malware. An antivirus scan would be one of the lowest-effort attempts to find the threats. The data is obfuscated, so a GREP search would not find it. An analyst says you should assume that they were either not detected or that conducting a malware scan was not an option. It is designed to shuffle collected data to a common Windows file share (SMB)”]
Source: https://securityintelligence.com/are-you-digging-deep-when-antivirus-is-not-enough/