PunkeyPOS Malware Variant found in US POS Terminals

PandaLabs researchers have found a new variant of PunkeyPOS on about 200 POS terminals in the US. The malware is designed to steal credit card details from infected victims.

According to Infosecurity magazine:
In terms of functionality, the malware includes a keylogger responsible for monitoring keystrokes and a RAM scraper designed to read the memory of processors running on the system.

PunkeyPOS will decide which data is relevant and ignore anything that isn’t card data, which is read from the magnetic stripe and sold to fraudsters who can use it to clone cards for use at a later date.

“Once the relevant information has been obtained, it is encrypted and forwarded to a remote web server which is also the command and control (C&C) server,” Panda Security explained.

“In order to avoid the detection of the card information in case somebody is scanning the network traffic, it is encrypted before it is sent using the AES algorithm.”

The malware is similar to another variant of the same family found in April, 2015.
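The network-scanning point in the Panda Security quote, as an added example that is not from the article or from Panda Security: a card-data scan of outbound traffic (digit-run pattern plus Luhn check) flags a cleartext upload but not an encrypted one, where only a byte-entropy heuristic fires. The sample bodies, the test card number, the thresholds, and the SHA-256 keystream standing in for AES (which the Python standard library lacks) are assumptions constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")  # candidate card numbers

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - ord("0")
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(body: bytes) -> bool:
    return any(luhn_ok(m.group()) for m in PAN_RE.finditer(body))

def entropy_bits(body: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(body)
    return -sum(c / n * math.log2(c / n) for c in Counter(body).values()) if n else 0.0

def standin_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for AES (assumption): XOR with a SHA-256 counter keystream."""
    blocks = range(len(plaintext) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def classify(body: bytes) -> str:
    """Label one outbound HTTP body seen leaving a POS terminal."""
    if contains_pan(body):
        return "cleartext-card-data"
    # Assumed thresholds: short bodies cannot reach high entropy, so skip them.
    if len(body) >= 512 and entropy_bits(body) > 7.0:
        return "high-entropy"
    return "ok"

# Constructed samples; 4111111111111111 is a well-known test card number.
TRACK2 = b";4111111111111111=30121010000000000000?"
CLEAR = b"terminal=7&data=" + TRACK2 * 24
ENCRYPTED = standin_encrypt(CLEAR, b"constructed-key")
NORMAL = b"store=12&terminal=7&status=ok&items=3&total=19.99&ts=1466000000&" * 10

if __name__ == "__main__":
    for name, body in (("clear", CLEAR), ("encrypted", ENCRYPTED), ("normal", NORMAL)):
        print(name, classify(body), round(entropy_bits(body), 2))
```

A high-entropy label is only a lead: compressed or TLS-wrapped traffic scores the same, so it is most useful on terminals whose expected destinations are few and known.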
