According to the iSIGHT analysis, the software infects POS terminals, sends out the stolen information, then covers its tracks by automatically deleting those files.
The difficulty of detecting and tracing the attacks is what makes them so dangerous and has allowed hackers to breach multiple retailers over the last several months, according to the report.
The malicious software, named for a Russian word that appears several times in the code, was sold in black-market web forums starting last summer and was customized by hackers to fit specific victims, making attacks more effective, iSIGHT's Watters said.
The attacks show how cybercriminals are outpacing the ability of companies to respond, Watters said.
— With assistance from Cotten Timberlake in Washington and Renee Dudley in New York.