Shoddy server configuration gives researchers glimpse into PunkeyPOS

PandaLabs researchers said they cracked into the server controlling the PunkeyPOS malware.

PandaLabs researchers claim to have hacked into the server that controls the PunkeyPOS malware, which has been targeting restaurants in the U.S.

Despite the password protections in place, PandaLabs was able to access the server without credentials because the bad guys behind the attacks didn't properly configure it, researchers said in a June 23 post.

Once in the server, researchers saw where PunkeyPOS sends the stolen information and were also able to see where nearly 200 POS terminal infections were located. Most of the victims were in the United States; however, there were a few in Europe, Asia and Australia.

Researchers also said they found a panel that allowed the criminals to access the stolen data, re-infect victims, and update current POS bots. The version number of the PunkeyPOS variant was dated April 1, 2016, meaning it was a recent campaign, according to the post.

Researchers said in the post that they left their findings “at the disposal of American law enforcement so they can take the appropriate actions.”

Earlier this month, Krebs on Security reported that PunkeyPOS may have been responsible for the CiCi's pizza breach; however, PandaLabs didn't mention which companies had been infected by the malware, and SCMagazine.com was unable to reach PandaLabs for comment.
