New malware injection technique poses retail risk