Credit card readers in "dozens" of shops around the world were infected with the Trojan horse "Tsumbaka", designed to bypass the buyer's data, a computer security company announced.
According to US RSA Security, the malware was detected in 12 countries, among them the USA, the Russia and Canada - the rest are not named.
The credit card numbers stolen by the Trojan horse were transmitted to a central server set up by unknown hackers, which has now been taken down operation. Affected stores were notified by RSA.
The malicious code was disguised as a file handling prints. It took the name "Tsiubaka" from the host page displayed by the hacker server and showed the familiar character from the Star Wars.
Stolen data was routed through the "dark" Tor network, which is used to conceal the user's identity when surfing the Internet.
The Tsiubaka case is not the first of its kind. As the BBC notes, at the end of 2013, infected funds in the American Tiger chain have stolen 40 data from millions of credit and debit charts, and a similar attack has been perceived in Neiman Marcus luxury shops.
In the wake of the cyberattacks, the FBI issued a warning to shopkeepers about the risk infringementof the equipment at the cash registers.