PinkKite

PinkKite Description

PinkKite is malware designed to collect credit card information from POS (Point-Of-Sale) devices. Once collected, the data is stored and is likely to be sold on the Dark Web, which is the Mecca for shady, underground online activities.

PinkKite is fairly small malware, with an executable file of just 6KB. Despite its small size, PinkKite is not to be underestimated. It can employ the Luhn algorithm to verify the numbers of the credit cards it collects, and it can obfuscate the collected data using an XOR encryption algorithm. After encrypting the collected information, PinkKite uploads it to one of its own servers.

What malware experts found peculiar about PinkKite is that instead of sending the collected data to its main server, it stores it in so-called 'clearinghouses,' and the authors of PinkKite then download the data to their primary server manually. These clearinghouses are located in South Korea, the Netherlands and Canada. It is likely that these various remote server transactions caused the attack to be intercepted and halted, as traffic from a POS device suddenly going through Canada, South Korea and the Netherlands would seem suspicious.

It is believed that since the attack was stopped, some of the infected devices have already been cleaned. Unfortunately, it is likely that PinkKite will make a return once the attackers have polished their methods further.