Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s tools for lateral movement, as well as RawPOS’ components, remain consistent,