New POS malware named Punkey found
Posted by: Timothy Weaver on 04/20/2015 09:14 AM
An investigation led by the US Secret Service has identified a new strain of point-of-sale (POS) malware named Punkey.
During the probe, security researchers at Trustwave found stolen payment card information and the IP addresses of more than 75 infected sales tills.
Trustwave researchers looked at multiple command-and-control servers and found that they were being used to spread the Punkey malware.
Punkey hides inside the explorer.exe process on Windows POS systems. Once activated, the malware searches the memory of other running programs for cardholder data. It also connects to command-and-control servers for software updates.
Researchers aren't certain, but think the malware gets onto systems either through easy-to-crack passwords or through cashiers using the POS system to browse malicious websites or open phishing emails.
The Punkey malware also includes a keystroke-logging component. The captured keystrokes allow cyber crooks to upload usernames and passwords.
It's unclear how many victims the so-called Punkey POS malware has claimed.
Source: The Register.uk
