PinkKite malware targets point-of-sale endpoints

POS (point-of-sale) systems are constant targets for criminals, and for good reason. A POS terminal handles a stream of customer payment data, from credit and debit card numbers to banking details, and it has proven a lucrative target in the past. Infecting point-of-sale systems with malware is not as difficult as it may seem, and for that reason criminal coders continue to craft malware in order to make a quick buck. The newest POS malware to draw the cybersecurity community's attention goes by the name of PinkKite.

PinkKite was discussed in depth recently at Kaspersky Lab's Security Analyst Summit. The Threatpost article that covered the presentation laid out numerous points about how PinkKite works and the threat it poses. The research was presented by Courtney Dayter and Matt Bromiley of Kroll Cyber Security.

According to the presentation, PinkKite (a name chosen almost at random) was first uncovered in 2017 as part of a larger investigation into POS malware attacks. The malware is small, roughly 6KB, and the researchers say that small footprint helps it evade detection by intrusion detection systems. PinkKite also differs from its fellow point-of-sale malware in a few specific ways, which the presentation summarized as follows:

Where PinkKite differs is its built-in persistence mechanisms, hard-coded double-XOR encryption (used on credit card numbers) and backend infrastructure that uses a clearinghouse to exfiltrate data to.

So far PinkKite has been used primarily to collect credit card and debit card data, and the XOR encoding is applied to the card numbers it scrapes before they are sent on. While the researchers have not shared who they believe is behind the malware, they did confirm that PinkKite has been deployed in the wild. According to the presentation, at least one major company has already come under attack by the malware, and there will likely be more to follow.
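The two technical details above, a hard-coded double XOR over card numbers and a fixed exfiltration path, are worth seeing in code, because they explain why this kind of obfuscation stops a grep for card numbers but does not stop an investigator. The following is an added example written for this article; it is not code from the PinkKite sample or from Kroll's research. The 16-digit fixed-width record layout, the two key values and the key lengths are assumptions made for the demonstration, and the card numbers are public test numbers, not real cards. It shows that XOR with two hard-coded keys collapses to XOR with one derived key, that the obfuscated blob contains no card number a naive scanner would match, and that a single known card (for example a test card the incident responder swipes on the suspect terminal) is enough to recover the key from captured exfil data and decode every other record, with a Luhn check to filter the results.

```python
"""Added example, not PinkKite's or Kroll's code: why hard-coded XOR over
card numbers hides them from a grep but not from an investigator."""
from math import gcd
from typing import List, Optional


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (the only primitive the scheme uses)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def double_xor(data: bytes, key1: bytes, key2: bytes) -> bytes:
    """Hypothetical model of the 'double XOR' step: XOR with key1, then key2."""
    return xor_bytes(xor_bytes(data, key1), key2)


def combined_key(key1: bytes, key2: bytes) -> bytes:
    """The single repeating key that double_xor(key1, key2) is equivalent to.
    Its period is lcm(len(key1), len(key2))."""
    period = len(key1) * len(key2) // gcd(len(key1), len(key2))
    return bytes(key1[i % len(key1)] ^ key2[i % len(key2)] for i in range(period))


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit test, the same filter RAM scrapers apply to candidates."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


RECORD_LEN = 16  # assumed exfil layout: fixed-width 16-digit PANs, no separators


def recover_key(blob: bytes, known_pan: str, key_len: int) -> Optional[bytes]:
    """Known-plaintext recovery. Slide the known PAN across the blob; at the
    offset where it was scraped, ciphertext XOR plaintext is the key stream,
    and that stream is consistent with a repeating key of key_len bytes."""
    kp = known_pan.encode("ascii")
    if key_len > len(kp):
        raise ValueError("known plaintext shorter than key period")
    for off in range(len(blob) - len(kp) + 1):
        stream = bytes(c ^ p for c, p in zip(blob[off:off + len(kp)], kp))
        key = bytearray(key_len)
        seen = [False] * key_len
        consistent = True
        for i, k in enumerate(stream):
            pos = (off + i) % key_len      # align to the blob's key phase
            if seen[pos] and key[pos] != k:
                consistent = False
                break
            key[pos], seen[pos] = k, True
        if consistent and all(seen):
            return bytes(key)
    return None


def decode_records(blob: bytes, key: bytes) -> List[str]:
    """Strip the XOR layer and keep only records that look like real PANs."""
    plain = xor_bytes(blob, key)
    out = []
    for i in range(0, len(plain), RECORD_LEN):
        rec = plain[i:i + RECORD_LEN].decode("ascii", errors="replace")
        if len(rec) == RECORD_LEN and rec.isdigit() and luhn_ok(rec):
            out.append(rec)
    return out


# Constructed sample: public test card numbers and two made-up "hard-coded" keys.
PANS = ["4111111111111111", "4242424242424242",
        "5555555555554444", "4012888888881881"]
KEY1 = bytes.fromhex("5a13c7")
KEY2 = bytes.fromhex("2b9e")
BLOB = double_xor("".join(PANS).encode("ascii"), KEY1, KEY2)


if __name__ == "__main__":
    eff = combined_key(KEY1, KEY2)
    assert BLOB == xor_bytes("".join(PANS).encode("ascii"), eff)  # two XORs == one
    print("plaintext PAN present in blob:", any(p.encode() in BLOB for p in PANS))
    # The responder swiped a known test card on the suspect terminal; use it
    # as the known plaintext to pull the key back out of the exfil blob.
    key = recover_key(BLOB, "5555555555554444", key_len=len(eff))
    print("recovered key:", key.hex(), "matches derived key:", key == eff)
    for pan in decode_records(BLOB, key):
        print("card:", pan[:6] + "******" + pan[-4:])
```

The design point is that the key period is the only unknown, and a 16-digit known plaintext covers every position of any key up to 16 bytes, so the search needs no brute force at all. In practice the same recovery works on a memory dump or a captured upload to the clearinghouse, as long as the responder knows one card number that passed through the terminal; when the keys are hard-coded in the binary, reading them out of the sample is quicker still.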

Photo credit: PxHere

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist committed to creating a society that is informed about information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
