U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Punkey, a new POS Malware in the criminal ecosystem

During a recent investigation the experts at Trustwave encountered a new strain of POS malware dubbed Punkey which presents interesting features. Malware researchers at Trustwave have detected a new point of sale (PoS) malware dubbed Punkey that was used by criminal crews to compromise payment systems of some organisations. The experts discovered Punkey during a law […]

Punkey, a new POS Malware in the criminal ecosystem

During a recent investigation the experts at Trustwave encountered a new strain of POS malware dubbed Punkey which presents interesting features.

Malware researchers at Trustwave have detected a new point of sale (PoS) malware dubbed Punkey that was used by criminal crews to compromise payment systems of some organisations.

The experts discovered Punkey during a law enforcement investigation and since its discovery the PoS malware was improved in a significant way by its operators and the researchers discovered three different variants of the agent.

Trustwave speculates that different criminal crews used the Punkey for their campaigns tailoring it for specific targets in the retail industry.

punkey Pos malware

Punkey implements common features of other PoS malware, but experts were surprised by its ability to update and alter its capabilities remotely.

“A second thread has spawned that handles downloading arbitrary payloads from the C&C server, as well as, checking for updates to Punkey itself. This gives Punkey the ability to run additional tools on the system such as executing additional reconnaissance tools or performing privilege escalation. This is a rare feature for POS malware.” reads a blog post published by Trustwave SpiderLabs blog.

The malicious code also implements reconnaissance and hacking abilities.

“This traffic is AES encrypted, base64 encoded, then URL encoded. After reversing the process the data sent looks like this (no, it’s NOT a valid payment card number):”

punkey Pos malware 2

“This is where the naming fun comes into play! The combination of P(OST)unkey and calling the malware author a punk was just too sweet to pass up.” continues the post.

Data transferred by the Punkey PoS malware to C&C servers includes payment card numbers and data collected by the Keylogger module.

In the following table are listed the principal differences in the operation of Punkey versus the other malware variants.

punkey Pos malware 3

Since 2013, POS malware is rapidly evolving, the most interesting evolutions are related to evasion techniques and exfiltration methods.

The number of data breaches is growing at a fast pace and security experts sustain that measures to prevent cyber attacks against systems in the retail industry are still not adequate, for this reason it is important to monitor the evolution of this kind of threats.

Pierluigi Paganini

(Security Affairs –  Punkey, PoS malware)