Prilex blocks contactless payments

Kaspersky has revealed three new variants of the Prilex malware, created by the cybercriminal group behind what Kaspersky named the most advanced Point-of-Sale (PoS) malware of 2022. The newly discovered Prilex modifications can now block near-field communication (NFC) contactless payments on "infected" devices, forcing consumers to complete transactions with their physical credit cards. This, in turn, enables the cybercriminals to steal card details and therefore money.

Prilex is a notorious threat that gradually evolved from malware targeting Automated Teller Machines (ATMs) into a unique modular Point-of-Sale (PoS) malware — the most advanced PoS threat discovered to date. As Kaspersky described in 2022, Prilex performs so-called "GHOST" attacks that allow it to carry out credit card fraud — even with cards protected by supposedly unhackable CHIP and PIN technology. Now, Prilex has evolved even further.

Security experts had questioned whether Prilex was able to capture data coming from NFC-enabled credit cards. Recently, while responding to an incident involving a customer affected by Prilex, Kaspersky researchers uncovered three new modifications that can block contactless payment transactions, which became extremely popular during the pandemic and beyond.

Contactless payment systems, such as credit and debit cards, device authentication keys, and other smart devices, including wearable devices, have traditionally featured radio frequency identification (RFID). More recently, Samsung Pay, Apple Pay, Google Pay, Fitbit Pay and mobile bank applications have implemented near field communication (NFC) technologies to support secure contactless transactions.

Contactless credit cards offer a convenient and secure way to make payments without having to touch, insert or swipe your card. However, Prilex has learned to block such transactions: it implements a rules file that determines whether or not to capture credit card information, and that file includes an option to block NFC-based transactions.

Excerpt from the Prilex rules file referring to NFC blocking

Because an NFC-based transaction generates a unique card number that is only valid for that one transaction, if Prilex detects an NFC-based transaction and blocks it, the EFT software will program the PIN pad to display the following message:

The fake Prilex error that appears on the PIN pad reader saying “Contactless transaction error, please enter your card”

The cybercriminals' goal is to force the victim to use their physical card by inserting it into the PIN pad reader. In this way, the malware can intercept data from the transaction by any means available, such as manipulating encrypted messages to perform GHOST attacks. Another new feature added in the latest Prilex samples is the ability to filter credit cards by type and create different rules for each type. For example, the malware can block NFC and capture card data only if the card is Black/Unlimited, Corporate or another tier with a high transaction limit, which is far more attractive to the attackers than standard, low-balance or low-limit credit cards.
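The behaviour described above leaves a footprint on the terminal side: a run of "contactless errors" each followed within seconds by a chip insertion on the same device. The following script is an added example, not code from Kaspersky's report or from Prilex itself; it assumes a hypothetical EFT log format of one line per payment attempt (terminal id, ISO timestamp, entry interface, result) and flags terminals where contactless attempts fail at an abnormal rate and are immediately followed by chip fallbacks. The thresholds and the sample log lines are constructed for illustration.

```python
"""Heuristic detection of forced contactless-to-chip fallback on PoS terminals.

Added example (not from the original report). Assumption: the EFT software logs
one line per attempt as "<terminal> <ISO timestamp> <CONTACTLESS|CHIP> <APPROVED|ERROR>".
Real EFT logs differ; adapt parse_log() to the actual format.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines. T-0042 shows the pattern the article describes
# (every contactless attempt "errors" and is followed by a chip insert);
# T-0017 shows a healthy terminal with a single ordinary fallback.
SAMPLE_LOG = """\
T-0042 2023-02-01T10:00:05 CONTACTLESS ERROR
T-0042 2023-02-01T10:00:40 CHIP APPROVED
T-0042 2023-02-01T10:05:11 CONTACTLESS ERROR
T-0042 2023-02-01T10:05:52 CHIP APPROVED
T-0042 2023-02-01T10:09:30 CONTACTLESS ERROR
T-0042 2023-02-01T10:10:02 CHIP APPROVED
T-0042 2023-02-01T10:12:00 CONTACTLESS ERROR
T-0042 2023-02-01T10:12:33 CHIP APPROVED
T-0017 2023-02-01T10:01:00 CONTACTLESS APPROVED
T-0017 2023-02-01T10:02:00 CONTACTLESS APPROVED
T-0017 2023-02-01T10:03:00 CHIP APPROVED
T-0017 2023-02-01T10:04:00 CONTACTLESS ERROR
T-0017 2023-02-01T10:04:30 CHIP APPROVED
"""


@dataclass
class Attempt:
    terminal: str
    ts: datetime
    interface: str  # "CONTACTLESS" or "CHIP"
    result: str     # "APPROVED" or "ERROR"


def parse_log(text):
    """Parse the hypothetical log format into Attempt records, skipping blank lines."""
    attempts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        terminal, ts, interface, result = line.split()
        attempts.append(Attempt(terminal, datetime.fromisoformat(ts), interface, result))
    return attempts


def fallback_stats(attempts, window=timedelta(seconds=120)):
    """Per terminal: contactless attempts, contactless errors, and errors that were
    followed by a chip insertion on the same terminal within `window`."""
    by_terminal = defaultdict(list)
    for a in attempts:
        by_terminal[a.terminal].append(a)

    stats = {}
    for terminal, seq in by_terminal.items():
        seq.sort(key=lambda a: a.ts)
        contactless = errors = fallbacks = 0
        for i, a in enumerate(seq):
            if a.interface != "CONTACTLESS":
                continue
            contactless += 1
            if a.result != "ERROR":
                continue
            errors += 1
            nxt = seq[i + 1] if i + 1 < len(seq) else None
            if nxt is not None and nxt.interface == "CHIP" and nxt.ts - a.ts <= window:
                fallbacks += 1
        stats[terminal] = {"contactless": contactless, "errors": errors, "fallbacks": fallbacks}
    return stats


def suspicious_terminals(attempts, min_fallbacks=3, min_error_ratio=0.75):
    """Return terminal ids whose contactless error ratio and fallback count both
    exceed the (constructed) thresholds; candidates for a forensic look at the PoS host."""
    flagged = []
    for terminal, s in fallback_stats(attempts).items():
        if s["contactless"] == 0:
            continue
        ratio = s["errors"] / s["contactless"]
        if s["fallbacks"] >= min_fallbacks and ratio >= min_error_ratio:
            flagged.append(terminal)
    return sorted(flagged)


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for terminal, s in sorted(fallback_stats(records).items()):
        print(terminal, s)
    print("suspicious:", suspicious_terminals(records))
```

A single contactless failure followed by a chip insert is normal (a worn card, a phone held too far from the reader), which is why the heuristic keys on the ratio across many attempts per terminal rather than on individual events; tune the window and thresholds to the baseline of your own fleet before alerting on it.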

Active in the Latin American region since 2014, Prilex is said to be behind one of the largest attacks in the region: during the 2016 Rio de Janeiro Carnival, the threat actor cloned more than 28,000 credit cards and drained more than 1,000 ATMs at Brazilian banks. The group has since expanded its attacks worldwide. It was found in Germany in 2019, when a criminal gang cloned Mastercard debit cards issued by the German bank OLB and extorted over €1.5 million from around 2,000 customers. The newly discovered modifications have been identified in Brazil; however, they may spread to other countries and regions.

“Contactless payments are now a part of our daily lives, and statistics show that the retail industry has dominated the market with more than 59% share of global contactless revenue in 2021. Such transactions are extremely convenient and highly secure, so it makes sense for cybercriminals to create malware that blocks NFC-related systems. As the transaction data generated during contactless payment is useless from the perspective of a cybercriminal, it is understandable that Prilex needs to prevent contactless payment to force victims to insert the card into the “infected” PoS device,” comments Fabio Assolini, Head of the Latin American Global Research and Analysis Team (GReAT) at Kaspersky.

Read more about the new Prilex PoS malware modifications on Securelist.

To protect yourself from Prilex, Kaspersky recommends:

  • Use a layered solution that offers the optimal selection of protective layers to provide the best possible level of security for devices of different power and deployment scenarios.
  • Apply the Kaspersky SDK to PoS modules to prevent malicious code from tampering with transactions handled by these modules.
  • Secure older systems with state-of-the-art protection that is optimized for older versions of Windows while still running the latest Microsoft suite with full functionality. This ensures your business keeps full support for older Microsoft product families for the foreseeable future and retains the option to upgrade whenever needed.
  • Install a security solution that protects devices from different attack vectors, such as Kaspersky Embedded Systems Security. If the device has extremely low system specifications, the Kaspersky solution will still protect it with a Default Deny script.
  • For financial institutions that fall victim to this type of fraud, Kaspersky recommends the Threat Attribution Engine to help IR teams find and locate Prilex files in compromised environments.


Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.
