A botnet which targets shopping tills has been discovered - and it could be responsible for stealing a "titanic volume" of credit card details.
Ars Technica reports that researchers from Intel Crawler found the problem after infiltrating one of the computers behind the scam.
A botnet is a distributed network of computers infected with viruses or malware, which are used to harvest data and send it back to scammers.
But in this instance the viruses also compromised 'point of sale' (PoS) machines, or shopping tills, and managed to send back details of payments taken by unwitting staff.
Up to 20,000 payment cards since August may have been compromised by the botnet, researchers said, though the number could be much higher.
Hacking of payment machines is not unusual - a previous hack targeting Subway managed to collect 146,000 cards' worth of data from just 200 individual shops, Ars Technica pointed out.
The difference is that the latest scam appears to be much more advanced, researchers said. It uses a more elegant software set-up, in which hackers can monitor individual machines in real time, across a wide area. They can also issue commands to individual machines, sending back data on demand.
In a separate finding, Arbor Networks reported finding a botnet set up to steal credit and debit cards from PoS machines, including in the UK.
It is thought that while the software used to run the botnets is relatively advanced, installing it on machines relies on the same old simple vulnerabilities: poor passwords, a lack of timely security updates and unpatched software.