New Versions of Prilex POS Malware Can Block Contactless Transactions
The Malware Steals Card Data by Forcing Cardholders to Insert Their Card into the Terminal.
Last updated on February 1, 2023
New versions of the Prilex point-of-sale (POS) malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication (NFC) credit card transactions, so that customers are forced to insert their card into the terminal to pay, which gives the malicious code access to the card data.
The NFC chips built into payment cards and mobile devices allow secure contactless payments with credit cards, smartphones or even smartwatches. Because this payment method leaves little for POS malware to capture, the criminals behind Prilex found a way to take it out of the picture.
The New Prilex Versions
Kaspersky researchers identified three new Prilex variants, 06.03.8070, 06.03.8072 and 06.03.8080, the first of which was spotted in November 2022.
Earlier, in September 2022, Kaspersky had reported that Prilex added EMV cryptogram generation to evade transaction fraud detection and to perform "GHOST transactions" even with cards protected by chip and PIN.
All three new variants block contactless transactions, making the POS terminal display "Contactless error, insert your card". The victim has to insert the card to complete the payment, and that is the moment at which the infected terminal captures the card data.
The reason for blocking taps is that a contactless transaction generates a unique, one-time identifier for each payment, so data exfiltrated from a tap is useless to the criminals; the malware therefore blocks those transactions using a rule-based file. Data captured from an inserted chip card is likewise protected by per-transaction cryptograms, which is why, after stealing it, the attackers rely on the cryptogram manipulation and "GHOST transaction" techniques described above to monetize it.
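The observable symptom of this technique on the merchant side is a terminal whose contactless taps keep failing and are then completed by a chip insert. The following detector, an added example written for this article and not code from Kaspersky or from the malware, pairs each "contactless error" event with a chip insert on the same terminal within a short window and flags terminals whose fallback ratio is far above normal. The log format, event names (`CONTACTLESS_OK`, `CONTACTLESS_ERROR`, `CHIP_INSERT`, `CHIP_OK`) and the sample lines are all constructed for the example; a real deployment would map them onto whatever the terminal or payment gateway actually logs.

```python
"""Flag POS terminals whose contactless taps are almost always failing and
being completed by a chip insert, the pattern described for the new Prilex
variants. Example code written for this article; log format and thresholds
are assumptions, not a vendor format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <terminal_id> <event>".
# T1 looks infected: every tap fails and is followed by a chip insert.
# T2 is healthy: taps succeed, with one ordinary fallback.
# T3 has too few taps to judge, and its one insert comes long after the error.
SAMPLE_LOG = """\
2023-01-30T09:00:00 T1 CONTACTLESS_ERROR
2023-01-30T09:00:08 T1 CHIP_INSERT
2023-01-30T09:05:00 T1 CONTACTLESS_ERROR
2023-01-30T09:05:07 T1 CHIP_INSERT
2023-01-30T09:10:00 T1 CONTACTLESS_ERROR
2023-01-30T09:10:09 T1 CHIP_INSERT
2023-01-30T09:15:00 T1 CONTACTLESS_ERROR
2023-01-30T09:15:06 T1 CHIP_INSERT
2023-01-30T09:20:00 T1 CONTACTLESS_ERROR
2023-01-30T09:20:10 T1 CHIP_INSERT
2023-01-30T09:25:00 T1 CONTACTLESS_ERROR
2023-01-30T09:25:05 T1 CHIP_INSERT
2023-01-30T09:01:00 T2 CONTACTLESS_OK
2023-01-30T09:06:00 T2 CONTACTLESS_OK
2023-01-30T09:11:00 T2 CONTACTLESS_OK
2023-01-30T09:16:00 T2 CONTACTLESS_ERROR
2023-01-30T09:16:05 T2 CHIP_INSERT
2023-01-30T09:21:00 T2 CONTACTLESS_OK
2023-01-30T09:26:00 T2 CONTACTLESS_OK
2023-01-30T09:00:00 T3 CONTACTLESS_ERROR
2023-01-30T09:30:00 T3 CONTACTLESS_ERROR
2023-01-30T09:35:00 T3 CHIP_INSERT
"""


def parse_events(text):
    """Parse log lines into (timestamp, terminal, event) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, terminal, event = line.split()
        events.append((datetime.fromisoformat(ts), terminal, event))
    events.sort(key=lambda e: e[0])
    return events


def fallback_stats(events, window=timedelta(seconds=60)):
    """Per terminal: (contactless attempts, errors completed by a chip insert).

    A fallback is a CONTACTLESS_ERROR followed, within `window`, by a
    CHIP_INSERT on the same terminal. A later tap supersedes an earlier
    unmatched error, and an insert long after the error is not paired.
    """
    attempts = defaultdict(int)
    fallbacks = defaultdict(int)
    pending = {}  # terminal -> timestamp of an unmatched CONTACTLESS_ERROR
    for ts, term, ev in events:
        if ev in ("CONTACTLESS_OK", "CONTACTLESS_ERROR"):
            attempts[term] += 1
            pending[term] = ts if ev == "CONTACTLESS_ERROR" else None
        elif ev == "CHIP_INSERT":
            err_ts = pending.get(term)
            if err_ts is not None and ts - err_ts <= window:
                fallbacks[term] += 1
            pending[term] = None
    return {t: (attempts[t], fallbacks[t]) for t in attempts}


def suspicious_terminals(events, min_attempts=5, max_ratio=0.5,
                         window=timedelta(seconds=60)):
    """Return {terminal: fallback_ratio} for terminals above the threshold.

    Terminals with fewer than `min_attempts` taps are skipped so that a
    single customer with a non-NFC card does not raise an alert.
    """
    flagged = {}
    for term, (n, fb) in fallback_stats(events, window).items():
        if n >= min_attempts and fb / n > max_ratio:
            flagged[term] = fb / n
    return flagged


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for term, (n, fb) in sorted(fallback_stats(parsed).items()):
        print(f"{term}: {fb}/{n} taps fell back to chip")
    print("suspicious:", suspicious_terminals(parsed))
```

A high fallback ratio is a triage signal, not proof of infection: a failing NFC antenna produces the same pattern, so compare the terminal against the rest of the fleet and follow up with an integrity check of the terminal software before treating it as compromised.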
The new Prilex variants can also filter out unwanted cards and collect data only from particular card issuers and tiers.
These [filtering] rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit.
Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her NGO, cultural, and media background to this job.