This family has been around since 2010, and according to a Visa report (September 2020) this malware was used in an intrusion of a North American merchant. Visa also states that the code of MMon has been used as a base for multiple point-of-sale (POS) malware families, such as JavalinPOS, BlackPOS, POSRAM and more.
The PDB file name mmon.pdb is a good indicator for identifying samples that are based on MMon.
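One way to triage files for this indicator, as an added example that is not from the original post or from the Visa report: it assumes the PDB name sits in a standard CodeView debug record (RSDS or NB10) and scans raw bytes for those records instead of walking the PE debug directory. The function names and sample buffers are constructed for illustration.

```python
import ntpath

# CodeView debug records embed the PDB path the linker wrote into the binary.
# RSDS (PDB 7.0): signature, 16-byte GUID, 4-byte age, NUL-terminated path.
# NB10 (PDB 2.0): signature, 4-byte offset, 4-byte timestamp, 4-byte age, path.
CODEVIEW_HEADERS = {b"RSDS": 24, b"NB10": 16}
MAX_PATH_LEN = 260


def extract_pdb_paths(data):
    """Return every plausible PDB path found in CodeView records in data."""
    paths = []
    for magic, header_len in CODEVIEW_HEADERS.items():
        pos = data.find(magic)
        while pos != -1:
            start = pos + header_len
            end = data.find(b"\x00", start, start + MAX_PATH_LEN)
            if end > start:
                raw = data[start:end]
                # Printable ASCII ending in .pdb filters out chance magic hits.
                if all(0x20 <= b < 0x7F for b in raw) and raw.lower().endswith(b".pdb"):
                    paths.append(raw.decode("ascii"))
            pos = data.find(magic, pos + 1)
    return paths


def is_mmon_based(data, indicator="mmon.pdb"):
    """True if any embedded PDB path has the file name named on this page."""
    return any(ntpath.basename(p).lower() == indicator for p in extract_pdb_paths(data))


def _rsds(path):
    # Constructed record: dummy GUID and age, not taken from a real sample.
    return b"RSDS" + bytes(16) + (1).to_bytes(4, "little") + path.encode("ascii") + b"\x00"


def _nb10(path):
    # Constructed record: zero offset and timestamp, age 1.
    return b"NB10" + bytes(8) + (1).to_bytes(4, "little") + path.encode("ascii") + b"\x00"


# Constructed test inputs (filler bytes stand in for the rest of a PE file).
SAMPLE_HIT = b"MZ" + b"\x90" * 64 + _rsds(r"C:\build\Release\mmon.pdb") + b"\xcc" * 32
SAMPLE_OLD = b"MZ" + b"\x90" * 64 + _nb10(r"D:\src\MMON.PDB")
SAMPLE_MISS = b"MZ" + b"\x90" * 64 + _rsds(r"C:\proj\notmmon.pdb") + b"RSDS\xff\xfe"

if __name__ == "__main__":
    for name in ("SAMPLE_HIT", "SAMPLE_OLD", "SAMPLE_MISS"):
        print(name, is_mmon_based(globals()[name]))
```

Matching on the base name rather than a substring keeps a path such as notmmon.pdb from triggering, and the check is case-insensitive because Windows paths are.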
MMon supports a couple of command-line options. It can scan all processes or specific processes, and it can scan for kartoxa (card data) as well as for specific patterns.
To search within process memory, it uses a combination of OpenProcess(), VirtualQueryEx() and ReadProcessMemory().
The tracks are validated with the Luhn algorithm.
As seen below, MMon was able to find the tracks within the notepad process.
MMon is basically a simple command line tool to find credit card data and other patterns within process memory.