Attackers Used PunkeyPOS To Steal Data Over One Million Credit Cards

PunkeyPOS is malware that has recently been troubling US restaurants. It runs on Windows and reaches the card terminals (dataphones) to steal sensitive data such as account numbers and the contents of the magnetic strips on bank cards.


Anti-virus firm PandaLabs has published the results of its research into the PunkeyPOS malware, which infects PoS terminals in restaurants in the US and Europe and can expose the data of any credit card used on them.

PunkeyPOS samples were first discovered last year. The new malware is a successor of the NewPOSthings family, which was widely used by attackers. Initially, the malware's key function was to capture the identity of the cardholder.

To steal the information it installs two components: a keylogger, which monitors keystrokes, and a RAM scraper, which reads the memory of the processes that are running.

According to PandaLabs, the Trojan works on all versions of Windows, and its main task is to intercept payment card data, including card numbers, magnetic-strip data and other information.

Based on the information captured, the malware performs a series of checks to determine what is valid and what is not. “From the keystrokes, PunkeyPOS only gets information that may appear to be a credit card, ignoring any other memory obtained via processes. The POS terminals read this information on the magnetic strips of bank cards and it can be subsequently used to clone these cards,” explained the company's security experts.
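For incident responders, the useful side of this is the same “does it look like a card?” filter applied in reverse: scanning a memory dump or a captured outbound upload for ISO 7813 track data tells you whether a suspected PoS compromise actually leaked card numbers. The following is an added example written for that triage, not code from PandaLabs or from the malware; the track-format regexes, the masking rule and the sample buffer are constructed here.

```python
"""Flag magnetic-stripe track data (the kind a PoS RAM scraper harvests)
inside an arbitrary byte buffer such as a memory dump or an exfil capture."""
import re

# Public ISO/IEC 7813 layouts. Track 2: PAN '=' expiry(YYMM) service-code ... '?'
# Track 1: '%B' PAN '^' name '^' expiry(YYMM) ... '?'. Regexes are constructed here.
TRACK2_RE = re.compile(rb"(?<!\d)(\d{13,19})=(\d{4})\d{3}[^?\x00]{0,30}\?")
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})[^?\x00]{0,40}\?")


def luhn_ok(pan: str) -> bool:
    """True when the digit string passes the Luhn checksum used by card PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 9 // 2 + 0 and d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits, so findings are safe to log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(blob: bytes) -> list:
    """Return masked findings for every track record whose PAN is Luhn-valid.
    Format match alone is noisy; the Luhn check drops random digit runs."""
    findings = []
    for track, pattern in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in pattern.finditer(blob):
            pan = m.group(1).decode()
            if luhn_ok(pan):
                findings.append({"track": track, "pan": mask(pan), "offset": m.start()})
    return findings


# Constructed sample buffer: one Track 1 and one Track 2 record using a well-known
# test PAN, plus a Track 2 lookalike whose PAN fails Luhn and must be ignored.
SAMPLE = (b"\x00noise%B4111111111111111^DOE/JOHN^25121010000000000?\x00"
          b"ORDER=42 ;4111111111111111=25121011234567890?\x00"
          b";1234567890123456=2512101?\x00")

if __name__ == "__main__":
    for f in find_track_data(SAMPLE):
        print(f)
```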

The attackers control the bots through a web-based interface, and the Trojan is equipped with a built-in update mechanism as well as re-infection systems. PandaLabs researchers found that more than 200 PoS terminals were infected by PunkeyPOS in this way, with most of the victims in the United States.

Once the relevant information is obtained, the cybercriminals send it to a remote server, where it is used to make duplicate cards and for digital transactions. PandaLabs explains that it managed to trace this transfer because the hackers' server was not properly configured, allowing the researchers to access it, locate the stolen data, and even update the TPVs (PoS terminals) remotely.

Last week the American journalist Brian Krebs wrote on his blog about a large-scale operation aimed at infecting PoS terminals. According to that report, since April this year the hackers have stolen the payment information of 1.2 million credit cards. Although the infections were discovered in the US, the company has also identified infected terminals in Panama, France, the United Kingdom, Romania, Japan and Australia.