Tuesday, March 19, 2024

New Prilex Malware Blocks Contactless Payments to Steal Credit Card Data

Prilex is indeed a single threat actor that transformed from malware targeted at ATMs into distinctive modular point-of-sale (PoS) malware. Prilex has resurfaced with new upgrades that allow it to block contactless payment transactions.

This is extremely sophisticated malware that uses a special cryptographic technique, patches target software in real-time, forces protocol downgrades, manipulates with cryptograms, performs GHOST transactions, and commits credit card fraud—even on cards protected by unhackable CHIP and PIN technology.

Targeting Contactless Credit Card Transactions

Credit and debit cards, key fobs, smart cards, and other devices are included in contactless payment systems. 

Near-field communication (NFC), which is used by Samsung Pay, Apple Pay, Google Pay, Fitbit Pay, and any other bank mobile application that supports contactless payments, is also a component of these systems.

According to the Kaspersky report, the embedded integrated circuit chip and antenna enable consumers to pay by waving their card, fob, or handheld device over a reader at a point-of-sale terminal.

“Contactless payments are made in close physical proximity, unlike other types of mobile payments that use broad-area cellular or WiFi networks and do not require close physical proximity”, Kaspersky.

Following the Prilex PoS malware closely, Kaspersky claims to have discovered at least three new variations with the version numbers 06.03.8070, 06.03.8072, and 06.03.8080, which were initially made available in November 2022.

The COVID-19 pandemic and other factors have made contactless payments quite popular, but the real purpose of this new functionality is to disable the feature and make the user insert the card into the PIN pad.

“Prilex now implements a rule-based file that specifies whether or not to capture credit card information and an option to block NFC-based transactions”, Kaspersky researchers.

Excerpt from a Prilex rules file referencing NFC blocking
Excerpt from Prilex rules file referencing NFC blocking
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/01/27083644/Prilex_blocks_NFC_03.png
Prilex-generated error on the PoS

When the new Prilex feature is turned on, contactless transactions are blocked, and the payment terminal displays the message “Contactless error, insert your card.”

This makes it simpler to obtain the card information through the payment terminal because it forces the victim to complete the transaction by inserting a credit card.

“The goal here is to force the victim to use their physical card by inserting it into the PIN pad reader, so the malware will be able to capture the data coming from the transaction by using all the techniques such as manipulating cryptograms and performing a GHOST attack”, researchers explain.

The option to filter unwanted cards and only collect data from particular providers and tiers is another interesting feature that can be found for the first time on the most recent Prilex variations.

“These [filtering] rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit”, researchers

It is obvious that Prilex needs to force victims to insert the card into the compromised PoS terminal because the transaction data created during a contactless payment are meaningless from a cyber criminal’s perspective.

Network Security Checklist – Download Free E-Book

Website

Latest articles

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins,...

ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data

A new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits.Aiohttp...

Hackers Launching AI-Powered Cyber Attacks to Steal Billions

INTERPOL's latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled...

Fujitsu Hacked – Attackers Infected The Company Computers with Malware

Fujitsu Limited announced the discovery of malware on several of its operational computers, raising...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles