Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data

The Prilex point-of-sale (PoS) malware has been modified to block contactless transactions to force the insertion of credit cards and steal their information.

The point-of-sale (PoS) malware named Prilex has been modified to block contactless transactions in an effort to force users to insert their credit cards into terminals and steal their information.

Initially detailed in 2017, Prilex has evolved from targeting ATMs into an advanced PoS malware that can perform a broad range of nefarious activities leading to credit card fraud.

Unlike other memory scrapers typically seen in attacks targeting PoS terminals, Prilex can perform real-time patching on targeted software, force protocol downgrades, manipulate cryptograms, and perform GHOST attacks, and also uses a unique cryptographic scheme.

Also capable of performing fraud on cards protected by chip-and-PIN technology, the latest Prilex versions can now capture data from contactless (NFC enabled) cards, Kaspersky has discovered.

Contactless payment systems rely on radio-frequency identification (RFID) or near-field communication (NFC) technology integrated into cards, mobile devices, key fobs, wearables, and other devices, allowing individuals to make secure payments by simply waving their card or mobile device over the PoS terminal.

When the card is placed near, the contactless-enabled payment terminal sends a signal to activate the RFID chip embedded in the card, which in turn responds with a unique identification number (ID) and transaction information.

This transaction information cannot be reused, so it is useless to cybercriminals who capture it.

To overcome this inconvenience, Prilex’ developers updated the malware with code that blocks contactless transactions, which results in the terminal prompting the buyer to insert their credit card in the device.

Advertisement. Scroll to continue reading.

“The goal here is to force the victim to use their physical card by inserting it into the PIN pad reader, so the malware will be able to capture the data coming from the transaction,” Kaspersky notes.

The code was found in Prilex samples that emerged at the end of 2022, and which can also filter cards according to segment, such as to only block a contactless transaction and to capture the card information if the card is in a tier with a high transaction limit.

“Since transaction data generated during a contactless payment are useless from a cybercriminal’s perspective, it is understandable that Prilex needs to force victims to insert the card into the infected PoS terminal. While the group is looking for a way to commit fraud with unique credit card numbers, this clever trick allows it to continue operating,” Kaspersky concludes.

Related: PyPI Users Targeted With PoweRAT Malware

Related: Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives

Related: Omron PLC Vulnerability Exploited by Sophisticated ICS Malware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.