[jason_slack]

so are these hardware that somehow people manage to sneak and install on a store's network? How would them monitor traffic and get the credit card info?

Edit: The articles does say: "Attackers installed these RAM scrapers surreptitiously on the point-of-sale systems used to scan and process credit and debit card transactions at Albertson’s and Supervalu. The tools make it easy to steal card numbers by the millions as they pass through the system."

But still a bit confusing if these are hardware devices or somehow they install software to do this.

[aeling]

They're purely software. The article does briefly discuss attacks on ATMs and similar devices that use concealed hardware to intercept user data, but the RAM scrapers that are the main focus of the article are just pieces of software.

[biot]

The article also says:

  "RAM scrapers, by contrast, can be installed remotely on a Big Box
   retailer’s network and deployed widely to dozens of stores in a
   franchise, without an attacker ever leaving his computer. They can
   also be deleted remotely to erase crucial evidence of the crime."

The ability to remotely install and delete RAM scrapers from anywhere in the world precludes this being a hardware device.