The botnets could be a handiwork of a bad actor from Serbia.
Security researchers from IntelCrawler have detected botnets called Nemanja which said to have infected about 1500 POS terminals including accounting systems and grocery management platforms.
The compromised POS sytems are from Argentina, Australia, Austria, Bangladesh, Belgium, Brazil, Canada, Chile, China, Czech Republic, Denmark, Estonia, France, Germany, Hong Kong.
POS sytems have also been affected from countries including India, Indonesia, Israel, Italy, Japan, Mexico, Netherlands, New Zealand, Poland, Portugal, Russian Federation, South Africa, Spain, Switzerland, Taiwan, Turkey, UK, USA, Uruguay, Venezuela and Zambia.
The botnet affected POS systems could make small businesses and grocery stores from these countries vulnerable to attacks.
IntelCrawler said in a post, "We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers' backoffice systems and cash registers.
"The nature of POS-related crimes can be different from country to country, but it shows the insecurity of modern payment environments."
"The bad actors combine several attack vectors in order to infect operators' stations - "drive-by-download" and remote administration channels hacking."
According to the researchers, the botnets could be a handiwork of a bad actor from Serbia.
The researchers also expect that the POS malware could become a part of RAT/Trojans and other harmful software acting as a module, which may be used along with keylogger and network sniffing malware.