PinkKite malware targets point-of-sale endpoints

Point-of-sale (POS) endpoints are constant targets for criminals, and for good reason. The POS is a treasure trove of customer data, from credit cards to banking info, and it has proven a lucrative target in the past. Infecting these endpoints with malware is not as difficult as it may seem, and for that reason, nefarious coders continue to craft malware in order to make a quick buck. The newest POS malware to catch the cybersecurity community’s attention goes by the name of PinkKite.

PinkKite was discussed in-depth recently at Kaspersky Lab’s Security Analyst Summit. In the Threatpost article that covered the presentation, numerous points were discussed about PinkKite’s function and the threat it poses. The research was presented by Courtney Dayter and Matt Bromiley of Kroll Cyber Security.

According to the presentation, PinkKite (a name chosen almost at random) was first uncovered in 2017 as a part of a larger investigation into POS malware attacks. The malware is small, coming in at roughly 6KB, which allows it to avoid detection by IDS programs. PinkKite is unique when compared to its fellow point-of-sale malware. This point was discussed in depth via the following statement in the presentation:

Where PinkKite differs is its built-in persistence mechanisms, hard-coded double-XOR encryption (used on credit card numbers) and backend infrastructure that uses a clearinghouse to exfiltrate data to.

So far, PinkKite has primarily been employed to collect credit card and debit card data (which is where the XOR encryption comes in handy). While researchers have not shared who they believe is behind the malware, they did confirm that PinkKite has been successfully deployed in the wild. According to the Kaspersky presentation, it is certain that at least one major company has come under attack by the malware, and there will likely be more to follow.
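The hard-coded double-XOR mentioned above matters to responders because two XOR passes with fixed keys collapse into a single XOR with K1^K2. The Python below is an added example (not from the presentation, the article, or PinkKite itself) that triages a staged blob by brute-forcing that one effective key and Luhn-checking the result. The single-byte key model, the key values and the sample blob are assumptions constructed for illustration; the card numbers are public test numbers.

```python
import re

# Candidate card numbers: 13-19 digits not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - ord("0")
        if i % 2:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def double_xor(data: bytes, k1: int, k2: int) -> bytes:
    """Two passes with fixed keys: an assumed model of 'double-XOR'."""
    return xor(xor(data, k1), k2)

def recover_pans(blob: bytes):
    """Try all 256 single-byte keys; return (key, PANs) for the key that
    yields the most Luhn-valid numbers, or (None, []) if none does."""
    best = (None, [])
    for key in range(256):
        plain = xor(blob, key)
        pans = [m.group().decode() for m in PAN_RE.finditer(plain)
                if luhn_ok(m.group())]
        if len(pans) > len(best[1]):  # ranking by count drops lucky wrong keys
            best = (key, pans)
    return best

# Constructed sample: public test card numbers and made-up keys (not PinkKite's).
SAMPLE = b"4111111111111111\n5555555555554444\n378282246310005\n"
K1, K2 = 0x5A, 0xC3
STAGED = double_xor(SAMPLE, K1, K2)

if __name__ == "__main__":
    key, pans = recover_pans(STAGED)
    print(f"effective key 0x{key:02x} (K1^K2 = 0x{K1 ^ K2:02x}) -> {pans}")
```

Ranking keys by the number of Luhn-valid hits is needed because a wrong key can still map digits to other digits and pass the checksum on a single number by chance.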

Photo credit: PxHere

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
