PandaLabs researchers have found a new variant of PunkeyPOS on about 200 POS terminals in the US. The malware is designed to steal credit card details from infected victims.
According to Infosecurity magazine:
In terms of functionality, the malware includes a keylogger responsible for monitoring keystrokes and a RAM scraper designed to read the memory of processes running on the system.
PunkeyPOS will decide which data is relevant and ignore anything that isn’t card data, which is read from the magnetic stripe and sold to fraudsters who can use it to clone cards for use at a later date.
“Once the relevant information has been obtained, it is encrypted and forwarded to a remote web server which is also the command and control (C&C) server,” Panda Security explained.
“In order to avoid the detection of the card information in case somebody is scanning the network traffic, it is encrypted before it is sent using the AES algorithm.”
The malware is similar to another variant of the same family found in April 2015.