Over the past few years, point-of-sale (POS) systems have become attractive targets for hackers, as reflected in the growing number of RAM-scraping malware programs that have been identified.
Now, on PoSeidon's heels, emerges a new threat. Security researchers from Trustwave are warning of another RAM-scraping program that steals payment card information from the memory of POS systems. This malware is called Punkey, and was discovered during an investigation conducted alongside the U.S. Secret Service. The malicious program has at least three variants and is similar to another family of POS malware known as NewPosThings. The similarities suggest that both programs are, at the very least, based on the same source code.
Punkey has versions that attack both 32-bit and 64-bit Windows-based POS systems. In addition to stealing payment card information while the card is being processed, the malware also installs a keylogger to capture what employees type on those systems. Captured information is encrypted and sent back to a command server.
Like PoSeidon, Punkey can download and execute other malicious files, such as updates for itself.
"This gives Punkey the ability to run additional tools on the system such as executing additional reconnaissance tools or performing privilege escalation," the Trustwave researchers said. "This is a rare feature for POS malware."
Trustwave has created a tool that can decrypt Punkey traffic, which can help terminal owners identify Punkey traffic on their networks. In addition, POS system owners should make sure that their credit card payment software is always up to date, to protect customers from the newest threats.