FireEye has discovered a new strain of POS malware dubbed Multigrain that steals card data from point-of-sale systems and exfiltrates it over DNS. The technique is very effective because DNS traffic isnt filtered by target organizations making hard the detection for the data exfiltration. The malware collects the volume serial number and part of the MAC address and creates a hash of the concatenated value using the DJB2 hashing algorithm. It then makes a DNS query with this information to a hardcoded domain, notifying the attacker of a successful installation.”]
Source: https://securityaffairs.co/wordpress/46496/malware/multigrain-pos-malware.html