FrameworkPOS, aka TRINITY, is POS malware associated with a threat actor FIN6. It is designed to capture physical point-of-sales systems in order to gain Track1 and Track2 data, which includes credit card account number, expiration date, and more.

RtPOS is a new breed of point of sale malware that has very limited functionality. It sits in the memory and watch only for credit card numbers and social security number patterns.