Kroll Cyber Security has detected a small-footprint point-of-sale (POS) malware called PinkKite that is currently active in the wild. PinkKite's details were unveiled by Kroll researchers Courtney Dayter and Matt Bromiley at Kaspersky Lab's Security Analyst Summit, according to ThreatPost. Kroll's team was tipped off by a customer who had learned that its client's credit cards were being sold on the Dark Web, so the team launched what would become a nine-month-long investigation.
Kroll found that the malware, like most malware that infects POS systems, is quite small – just 6k. It was most likely injected into a single system and then was able to spread laterally through the company's network, ThreatPost said. The malware is able to pull credit card numbers from the POS device, validate them and send them along to one of three storage facilities in South Korea, Canada and The Netherlands for future use.
The Kroll researchers did not disclose how many credit card numbers may be affected or who could be behind the campaign.