Cybersecurity researchers have spotted new versions of a known Point of Sale (PoS) malware (opens in new tab) that blocks advanced features to be able to steal credit card data.
The team from Kaspersky observed the Prilex PoS malware versions 06.03.8070, 06.03.8072, and 06.03.8080, in the wild. These versions were released in November 2022, and prevent the terminal from accepting contactless credit card transactions.
Contactless transactions, made possible due to near-field communication (NFC) chips found in both PoS terminals on one end, and credit/debit cards, smartphones and smart watches on the other, exploded in popularity during the Covid-19 pandemic. The technology allows consumers to purchase goods and services without actually inserting their credit cards, making it almost impossible for hackers to steal the data via PoS malware.
Swiping away the data
However to work around this issue, the threat actors deployed a new version of Prilex, which blocks PoS terminals from accepting contactless payments.
If a user tries to initiate such a transaction on a compromised endpoint, it will only get an error message, forcing them to swipe their cards and, ultimately, share sensitive data with the attackers.
After stealing the data, the researchers say, the attackers can run cryptogram manipulation and “GHOST transaction” attacks.
Prilex operators have been busy, the researchers say. They’ve been adding new features for months now, and before these, they added EMV cryptogram generation which allows them to evade getting detected and initiate “GHOST transaction” attacks even on cards protected with CHIP and PIN. They also added a way to filter cards and grab data only from specific providers.
“These [filtering] rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit,” Kaspersky said.
Via: BleepingComputer (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba