Breach, Threat Management, Data Security, Malware

Shoddy server configuration gives researchers glimpse into PunkeyPOS

PandaLabs researchers claim to have hacked into the server that controls the PunkeyPOS malware, which has been targeting restaurants in the U.S.

Despite the password protections in place, PandaLabs was able to access the server without credentials because the bad guys behind the attacks didn't properly configure it, researchers said in a June 23 post.

Once in the server, researchers saw where PunkeyPOS sends the stolen information and were also able to see where nearly 200 POS terminal infections were located. Most of the victims were in the United States, however, there were a few in Europe, Asia and Australia.

Researchers also said they found a panel that allowed the criminals to access the stolen data, re-infect victims, and update current POS bots.The version number of the PunkeyPOS variant was dated April 1, 2016 meaning it was a recent campaign, according to the post.

Researchers said in the post that they left their findings “at the disposal of American law enforcement so they can take the appropriate actions.”

Earlier this month, Krebs on Security reported that PunkeyPOS may have been responsible for the CiCi's pizza breach however, PandaLabs didn't mention which companies had been infected by the malware and was unable to reach PandaLabs for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.