Be Careful: New Prilex Malware Variant Can Block NFC-Based Transactions
JAKARTA - Kaspersky has discovered a new variant of the Prilex malware, created by a group of cybercriminals and described as the most advanced Point-of-Sale (PoS) malware of 2022.
For background, Prilex is a dangerous threat actor that has gradually evolved from malware focused on automated teller machines (ATMs) into Point-of-Sale (PoS) malware, the most advanced PoS threat found so far.
The operators behind Prilex are now going further than just carrying out GHOST attacks, which allow them to commit credit card fraud even on cards protected by CHIP and PIN technology that are said to be unhackable.
Kaspersky experts have now discovered a new modification of Prilex that is able to block contactless payment transactions, which became very popular during and after the pandemic.
Prilex has learned how to block contactless transactions by implementing a rules file that determines whether or not to capture credit card information and includes an option to block NFC-based transactions.
The goal is to force victims to use their physical cards by inserting them into the PIN pad reader, so that the malware can capture data from the transaction using any means available to Prilex, such as manipulating cryptograms to carry out GHOST attacks.
Another new feature added to the latest Prilex samples is the ability to filter credit cards according to their segment and to apply different rules to different segments.
For example, it can block NFC and capture card data only if the card is a Black/Infinite, Corporate or other type with a high transaction limit, which is much more attractive than a standard credit card with a limited or low balance.
Prilex has been operating in Latin America since 2014. It has now expanded its attacks globally, to countries such as Germany and Brazil, and may also be able to spread to other countries and territories.