Credit card readers in "dozens" of shops around the world were infected with the Trojan horse "Tsumbaka", designed to bypass the buyer's data, a computer security company announced.
According to US RSA Security, malicious software was detected in 12 countries, including the US, Russia and Canada - the rest are not named.
The credit card numbers that the Trojan horse sent were transmitted to a central server that had set up unknown hackers, which are now out of service. Affected stores were informed by RSA.
The malicious code was disguised as a file handling prints. It took the name "Tsiubaka" from the host page displayed by the hacker server and showed the familiar character from the Star Wars.
Stolen data was routed through the "dark" Tor network, which is used to conceal the user's identity when surfing the Internet.
The Tsiubaka case is not the first of its kind. As the BBC notes, at the end of 2013, infected funds in the American Tiger chain have stolen 40 data from millions of credit and debit charts, and a similar attack has been perceived in Neiman Marcus luxury shops.
In the wake of cyber attacks, the FBI issued a warning to shopkeepers about the risk of equipment being tampered with.