A botnet which targets shopping tills has been discovered - and it could be responsible for stealing a "titanic volume" of credit card details.
A botnet is a distributed network of computers infected with viruses or malware, which are used to harvest data and send it back to scammers.
But in this instance the viruses also compromised 'point of sale' (PoS) machines, or shopping tills, and managed to send back details of payments taken by unwitting staff.
Up to 20,000 payment cards since August may have been compromised by the botnet, researchers said, though the number could be much higher.
The difference is that the latest scam appears to be much more advanced, researchers said. It uses a more elegant software set-up, in which hackers can monitor individual machines in real time, across a wide area. They can also issue commands to individual machines, sending back data on demand.
In a separate finding, Arbor Networks reported finding a botnet set up to steal credit and debit cards from PoS machines, including in the UK.
It is thought that while the software used to run the botnets is relatively advanced, installing it on machines relies on the same old simple vulnerabilities: poor passwords, a lack of timely security updates and unpatched software.