Punkey, a New Malware Targeting POS Systems

June 2, 2015, Written By Bill Hardekopf
Payment with credit card through the terminal isolated on white background

pLate last week, the FBI sent out an internal cyber alert warning retailers of a new malicious software on the market that could compromise their credit card data. The malware, named “Punkey” based on the sitcom character Punky Brewster, attacks point of sale terminals and collects credit card information stored within them.

Punkey was first discovered in April during a United States Secret Service investigation. Now, the FBI has revealed the malware has attacked a major restaurant chain, though they would not comment on which restaurant was affected.

The internal cyber alert is part of a legal requirement the FBI has to notify possible victims of cyber attacks. The notice said: “The FBI is distributing these indicators to enable network defense activities and to reduce the risk of similar attacks in the future. The FBI has high confidence that these indicators were involved in past network intrusions and will continue to be utilized by future cyber criminals.”

Punkey is similar to several other POS targeting malware programs already on the market, but it has the ability to download extra malware tools into an infected system. This gives hackers the ability to create significantly more problems once they are in the system, making it harder for investigators to identify the source of the breach and stop it from extracting more data.

Currently, Punkey has infected approximately 75 point of sale terminals.

The information contained within this article was accurate as of June 2, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.