Security analysts have uncovered a new point-of-sale (PoS) malware threat known as ‘Punkey’ during an investigation by the US Secret Service.
The new malicious program has three variants and is very similar to the previously discovered PoS malware NewPosThings, they said.
According to Trustwave, a US-based privately held information security company, Punkey can search for and steal personal details. It has the distinct ability to update and alter its capabilities remotely.
Investigators have found payment card information and more than 75 active victim IPs as part of the inquiry. However, it still remains unclear how many people fell victim to the Punkey PoS malware.
Punkey is compatible with both 32-bit and 64-bit Windows-based PoS terminals. The malware injects itself into the Windows explorer.exe process and creates registry start-up entries to ensure its permanent presence. It also drops a file called DLLx64.dll, which is the keylogger component.
All payment card details and keystrokes captured by the malware are first encrypted with AES (Advanced Encryption Standard) and are then sent back to a command-and-control (C&C) server.
The Punkey malware also performs keylogging, capturing 200 keystrokes at a time and sending them back to the server.
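The behaviours described above (run-key persistence, dropping DLLx64.dll, injection into explorer.exe) are individually weak signals but strong in combination. The following is an added example, not code from Trustwave or the original report: it correlates constructed Sysmon-style events per source process and flags any process showing two or more of these behaviours. The event IDs are real Sysmon IDs (8 CreateRemoteThread, 11 FileCreate, 13 RegistryEvent); the sample events and file paths are constructed.

```python
"""Correlate Punkey-like behaviours across Sysmon-style events.
Sample events below are constructed, not real telemetry; field names
follow Sysmon (EventID, Image, TargetImage, TargetObject, TargetFilename)."""
import re
from collections import defaultdict

RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)

# Each behaviour the article attributes to Punkey, mapped to the Sysmon
# event type that would record it and a predicate over that event.
INDICATORS = {
    "persistence_run_key": (13, lambda e: bool(RUN_KEY.search(e.get("TargetObject", "")))),
    "keylogger_dll_drop": (11, lambda e: e.get("TargetFilename", "").lower().endswith("\\dllx64.dll")),
    "inject_explorer": (8, lambda e: e.get("TargetImage", "").lower().endswith("\\explorer.exe")),
}


def correlate(events):
    """Return {source image: set of indicator names matched by that image}."""
    hits = defaultdict(set)
    for e in events:
        for name, (eid, pred) in INDICATORS.items():
            if e["EventID"] == eid and pred(e):
                hits[e["Image"]].add(name)
    return hits


def flag(events, threshold=2):
    """Images showing at least `threshold` distinct Punkey-like behaviours."""
    return sorted(img for img, names in correlate(events).items() if len(names) >= threshold)


SAMPLE_EVENTS = [  # constructed sample telemetry
    {"EventID": 13, "Image": r"C:\Users\pos\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"EventID": 11, "Image": r"C:\Users\pos\AppData\Roaming\svc.exe",
     "TargetFilename": r"C:\Users\pos\AppData\Roaming\DLLx64.dll"},
    {"EventID": 8, "Image": r"C:\Users\pos\AppData\Roaming\svc.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    # A legitimate updater that only sets a Run key should not be flagged.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\cab1.tmp"},
]

if __name__ == "__main__":
    hits = correlate(SAMPLE_EVENTS)
    for img in flag(SAMPLE_EVENTS):
        print("suspicious:", img, sorted(hits[img]))
```

The threshold keeps a lone Run-key write from firing on every legitimate installer; raise or lower it to match the noise level of the environment.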
“The injection and hiding process with Punkey is more advanced than most of the point-of-sale malware that we currently see. In particular, command and control server interaction with the malware is something we don’t see very often,” the Trustwave researchers noted in a blog post.