The Cyber Security News

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

February 1, 2023

The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions.

Russian cybersecurity firm Kaspersky said it detected a few versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its criminal scheme a notch higher.

Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called GHOST transactions.

While contactless payments have taken off in a big way, in part due to the COVID-19 pandemic, the underlying motive behind the new functionality is to disable the feature so as to force the user to insert the card into the PIN pad.

To that end, the latest version of Prilex, which Kaspersky discovered in November 2022, has been found to implement a rule-based logic to determine whether or not to capture credit card information, alongside an option to block NFC-based transactions.

“This is due to the fact that NFC-based transactions usually generate a unique ID or card number valid for only one transaction,” researchers said.

Should such an NFC-based transaction be detected and blocked by the malware installed on the infected PoS terminal, the PIN pad reader displays a fake error message: “Contactless error, insert your card.”

This leads the victim to use their physical card by inserting it into the PIN pad reader, effectively allowing the threat actors to commit fraud. Another new feature added to the artifacts is the ability to filter credit cards by segments and craft rules tailored to those tiers.

“These rules can block NFC and capture card data only if the card is a Black/Infinite, Company or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit,” the researchers noted.

“Since transaction data generated during a contactless payment are useless from a cybercriminal’s perspective, it is understandable that Prilex needs to force victims to insert the card into the infected PoS terminal.”

Some parts of this article are sourced from:
thehackernews.com
