UPDATED 14:30 EDT / APRIL 01 2013

New Malware Goes For The Money, Infects ATMs & Cash Registers

Most consumers understand the need to take precautions when it comes to money matters online, but soon they could be faced with an even more troublesome threat to their financial security. According to a report from a Russian security company, hackers have developed a new kind of malware that ignores PCs and mobile devices, going straight for the money by infecting ATMs and physical registers in order to harvest valuable credit card data.

Security Weekly reports that the ATM malware was discovered by researchers from Group-IB. Called the “Dump Memory Grabber”, the virus is already believed to have stolen data from hundreds of credit and debit cards issued by major banks like Citibank, Capital One, Chase and others.

Unlike traditional malware, the researchers believe that Dump Memory Grabber is installed directly onto ATMs, cash registers, kiosks and other point-of-sale systems. Once a machine is infected, the malware transmits the data it harvests from people’s cards directly to the hackers, including account numbers, PINs, cardholder names and expiration dates.

Group-IB further explains that the hackers are most likely using simple flash drives to load the malware onto the machines; most modern ATMs and registers have accessible ports into which a drive can be plugged, and of course these machines are all connected directly to the web.

Using the data that they steal, the hackers are then able to create ‘clones’ of their victims’ credit and debit cards. Furthermore, it’s believed that in order to do this the hackers likely have the cooperation of individuals who have access to ATMs and POS systems, most likely employees.

The researchers revealed to Security Weekly how they came across a video posted by the person who created Dump Memory Grabber, which displays a list of numerous stolen credit card details. Clues from the video show that the hacker goes by the name of “Wagner Richard”, and that he or she is likely to be Russian.

While scams involving “skimming” are nothing new (i.e. an employee secretly swiping a card through a device that records the card’s details), the use of malware to infect POS systems and ATMs is far more worrying, as such ploys cannot easily be detected. Quite simply, it’s impossible to tell whether an ATM is infected with the malware.

Even more worrying is that Group-IB suggests that Dump Memory Grabber is likely to be the work of an organized criminal gang with members from Russia, Ukraine and Armenia. The gang, which Security Weekly claims is an offshoot of the Anonymous collective, is also believed to carry out DDoS attacks for hire for as little as $2 an hour.

