Visa Security Alert: “Rawpos” Malware Targeting Lodging Merchants

By at 30 March, 2015, 8:22 am


The “rawpos” malware is a memory scraper infecting global lodging merchants at an alarming rate. Variants date as far back as 2008, and it is one of the first known memory scrapers to target Point of Sale (POS) systems. Typically clustered in three files, there is no standard infection method for this malware. Of particular note with recent samples is a logic bomb that does not function outside the timing parameters. Adherence to PCI DSS 3.0 should mitigate this malware.

Visa has highlighted this security issue in the attached data security alert. This publication outlines the attack vector and provides detection and mitigation practices along with other resources. This data security alert may be disseminated to all payment system stakeholders. The alert, posted on SBE Council’s website, can also be found at the Visa Data Security website at

News and Media Releases