
PinkKite

Posted: May 3, 2019

PinkKite is a piece of malware that specializes in a single task: extracting credit card information from Point-of-Sale (POS) devices. The card data the attackers steal may then be sold on underground hacking markets, where buyers typically use it to draw on the funds available on the compromised cards.

PinkKite shares some similarities with TinyPOS in terms of its file size, and it uses similar methods to extract information from infected devices and obfuscate it. The malware’s executable file is just 6KB in size, and it verifies all harvested credit card numbers with the Luhn algorithm, discarding digit strings that fail the check. Furthermore, it applies XOR encryption to all information it collects before transferring it to one of the servers the attackers use. The interesting bit about PinkKite’s infrastructure is that the malware does not communicate with a primary command-and-control server. Instead, it appears to use three ‘clearinghouses’ situated in the Netherlands, South Korea and Canada. These clearinghouses store the collected credit card data until the attackers use a remote desktop connection to manually retrieve it.
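The two techniques named above, Luhn validation and XOR obfuscation, are also what an incident responder can turn against a captured exfiltration blob. The following Python is an added example, not code from the page or from any published PinkKite analysis: it assumes a single-byte XOR key (the page does not state the key length) and a constructed sample of card-like records, and recovers the key by picking the one that exposes the most Luhn-valid card numbers.

```python
import re

# Constructed sample: three Luhn-valid test card numbers and one decoy, the kind of
# record a POS memory scraper collects, XOR-obfuscated with a single-byte key before
# exfiltration. The key (0x5A) and the records are assumptions for this example.
SAMPLE_KEY = 0x5A
SAMPLE_PLAINTEXT = b"4012888888881881|378282246310005|5555555555554444|1234567890123456|end"
SAMPLE_BLOB = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAINTEXT)

# 13-19 digit runs that are not part of a longer digit run (expiry/track data excluded)
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, the same filter PinkKite applies to discard non-card digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled (and 9 subtracted if > 9)
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(buf: bytes) -> list:
    """Luhn-valid card-number candidates in a buffer (memory dump or decoded traffic)."""
    return [m.group().decode() for m in PAN_RE.finditer(buf) if luhn_valid(m.group().decode())]


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def recover_single_byte_xor(blob: bytes):
    """Try all 256 keys; the one exposing the most Luhn-valid PANs is the likely key.
    Returns (key, pans); key is None when no candidate exposes a single PAN."""
    best_key, best_pans = None, []
    for key in range(256):
        pans = find_pans(xor_bytes(blob, key))
        if len(pans) > len(best_pans):
            best_key, best_pans = key, pans
    return best_key, best_pans


if __name__ == "__main__":
    key, pans = recover_single_byte_xor(SAMPLE_BLOB)
    print(f"key=0x{key:02x} pans={pans}")
```

The same `find_pans` scan run over a process memory dump of a POS application is the basic check memory-scraper detection tooling performs; a sudden appearance of Luhn-valid runs in outbound traffic after trying the key space is a strong exfiltration indicator.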

The campaign using PinkKite is likely to have collected thousands of credit cards already, but thanks to the very ‘noisy’ infrastructure the attackers use, malware researchers were able to intercept the communication channels and assist with the removal of PinkKite from infected devices. However, this is unlikely to be the last time we hear about PinkKite, and it will probably not be long before another large-scale campaign is launched against POS devices.
