
Punkey Malware

By GoldSparrow in Malware

The Punkey Malware is a recently released point-of-sale threat. According to a warning from the FBI, the Punkey Malware may be used to gather credit card information directly from point-of-sale devices. The FBI issued the warning after the Punkey Malware was involved in an attack on a restaurant chain's computer. According to this internal alert, the Punkey Malware has specific software signatures and is currently named after 'Punky Brewster', a character in a cartoon from the 1980s. Point-of-sale attacks have been highly profitable in recent years and have posed a significant challenge to the companies that have to deal with them. Resorts, casinos, restaurants and hotels (all businesses that tend to deal with credit cards in high volumes) have been targeted in recent point-of-sale attacks, and the attackers quickly monetize the collected credit card data by distributing it on underground forums and the Darknet.

Investigations Involving the Punkey Malware

Due to recent changes to reporting laws meant to crack down on threats, the FBI is now legally required to notify the victims of the Punkey Malware attacks. Although the name of the affected business has not been released, a popular restaurant chain has been targeted by these types of attacks. Currently, steps are being taken to lower the risk of becoming infected by the Punkey Malware and similar infections, many with the cooperation of law enforcement agencies. PC security researchers are urged to notify investigators of the Punkey Malware attacks and remove these types of infections at once with the help of strong, fully updated security software.

The Punkey Malware and Similar Point-of-Sale Attacks

Currently, there are thousands of businesses that may have become compromised by the Punkey Malware and similar attacks. Public awareness of these kinds of attacks has increased, particularly after attacks on businesses such as Michaels, Target, Home Depot, P. F. Chang's and Jimmy John's. Attacks like the Punkey Malware work by scanning for and collecting unencrypted credit card data while it is still in plain text in the infected computer's RAM. Threats like the Punkey Malware target payment processing computers, terminals, credit card readers and similar devices that are used at the moment of sale. The Punkey Malware is designed to target any device where a credit card is swiped through a credit card reader as part of a payment transaction. These types of devices may be part of networks connected to the Internet, which, when compromised, may allow third parties to obtain the information of millions of potential victims. Rather than using this information themselves, third parties may take this credit card data and then sell it on Darknet forums, anonymous websites located in parts of the Internet only reachable using Tor or other specialized Web browsers.

When discovered, the Punkey Malware was particularly troubling. The Punkey Malware is a sophisticated threat that may inject itself into the targeted computer, carry out full scans, encrypt the collected information, and establish an anonymous, encrypted connection with its own servers to relay the collected data. The Punkey Malware seems to be related to NewPOSThings, a previous point-of-sale infection. One aspect of the Punkey Malware that makes its attack particularly effective is its obfuscation. The Punkey Malware includes an embedded decryption key and can encrypt and scramble data, which makes the Punkey Malware more difficult to remove and to intercept.

The Punkey Malware has infected at least 75 computers around the world, each with the potential to compromise hundreds or even thousands of credit card numbers and other data. The Punkey Malware takes its name from a line of code in this infection which reads 'P(ost)unkey.'
