PunkeyPOS is a new type of Point of Sale Malware which was discovered by PandaLabs in 2016.[1][2] This new Point of Sale Malware infects the Point of Sale(POS) Systems with two types of malware applications - keylogger and RAM Scraper.[3] PunkeyPOS gets installed into the computer automatically without the knowledge of the user, in a similar manner as other POS malware.
The keylogger captures and records the keystrokes made at the POS terminals in the retail stores. It captures data only related to credit cards. The RAM Scraper reads the memory of the system processes in the POS terminals.[4][5] The information in the magnetic strips on the cards gets stored in the POS terminal/ device memory and this stolen information is then encrypted and forwarded to the cybercriminal's Control and Command Server (C&C).
It has been reported by PandaLabs that about 200 retail stores that use POS systems have been infected with this new variant of PunkeyPOS malware.[6][7]