
“PunkeyPOS” – Latest Malware to target POS terminals

Panda Security’s anti-malware laboratory, PandaLabs, has been investigating current and new malware threats across the world, and has uncovered a new piece of malware that is targeting POS terminals: “PunkeyPOS”.

How PunkeyPOS steals your details

PunkeyPOS installs a keylogger, which is responsible for monitoring keystrokes. It then installs a RAM scraper that reads the memory of all processes running on the system.
Using the information that the keylogger and RAM scraper collect, the malware then determines what is relevant, such as information taken from the magnetic strip on the credit card.
Once the relevant information has been gathered it is encrypted and forwarded to a remote web server. The information is encrypted to ensure that anyone scanning network traffic will not detect the card information.
This information can then be used at a later stage to clone the card and sell it on the black market.
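
A defender can look for the memory-sweeping behaviour described above in process-access telemetry. The following added example (not from PandaLabs or the original article) flags any non-allowlisted process that opens several other processes with memory-read rights; the Sysmon Event ID 10 field names are real, while the sample records, paths, allowlist and threshold are constructed assumptions.

```python
from collections import defaultdict

# Windows access right required to read another process's memory.
PROCESS_VM_READ = 0x0010

# Constructed sample records using Sysmon Event ID 10 (ProcessAccess) field names.
# All paths and access masks below are made up for illustration.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Users\pos\AppData\Roaming\helper.exe",
     "TargetImage": r"C:\POS\pos.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Users\pos\AppData\Roaming\helper.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Users\pos\AppData\Roaming\helper.exe",
     "TargetImage": r"C:\POS\printsvc.exe", "GrantedAccess": "0x0010"},
    {"SourceImage": r"C:\Program Files\AV\avscan.exe",
     "TargetImage": r"C:\POS\pos.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Program Files\AV\avscan.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Program Files\AV\avscan.exe",
     "TargetImage": r"C:\POS\printsvc.exe", "GrantedAccess": "0x1FFFFF"},
    # Query-only handle: no memory-read bit, so it must not count.
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\POS\pos.exe", "GrantedAccess": "0x1000"},
]

def find_memory_sweepers(events, allowlist=(), min_targets=3):
    """Return {source: sorted targets} for each source image that opened at
    least min_targets distinct processes with memory-read access."""
    allowed = {path.lower() for path in allowlist}
    targets = defaultdict(set)
    for ev in events:
        src = ev["SourceImage"].lower()
        dst = ev["TargetImage"].lower()
        if src in allowed or src == dst:
            continue  # skip vetted tools and self-access
        if int(ev["GrantedAccess"], 16) & PROCESS_VM_READ:
            targets[src].add(dst)
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    hits = find_memory_sweepers(
        SAMPLE_EVENTS, allowlist=[r"C:\Program Files\AV\avscan.exe"])
    for source, opened in hits.items():
        print(f"{source} read memory of {len(opened)} processes: {opened}")
```

On a POS terminal the set of processes that legitimately read other processes' memory is small, so the allowlist can be kept tight and the threshold low.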

A look inside PunkeyPOS

Panda was able to track this process by reverse engineering the malware and analyzing its communications. Due to negligence on the part of the criminals, PandaLabs was able to access PunkeyPOS’ control panel and analyse how it operates.
When compared with earlier versions of POS malware, there is very little difference in the way this malware operates. Nevertheless, PunkeyPOS was able to compromise around 200 POS terminals around the world.
POS terminals are the perfect target for cyber criminals, as successful infiltration of these devices allows them to gain access to credit card details that can easily be sold on the black market. For this reason Panda predicts that we will see many more Malware variants designed to target POS terminals in the future.
