    Prilex POS malware evolves to block contactless transactions

    By yourpostech | February 3, 2023 (updated February 3, 2023)

    According to Kaspersky, Prilex is a Brazilian threat actor that initially began in 2014 as ATM-related malware and later switched to modular point-of-sale malware. The threat actor was responsible for one of the biggest attacks on ATMs in Brazil, infecting and jackpotting more than 1,000 machines and cloning more than 28,000 credit cards used in the ATMs.

    Prilex is particularly experienced with payment markets, electronic funds transfer software, and protocols, and the threat actor has recently updated its POS malware to block contactless transactions to steal your credit card information.

    What’s new in the latest Prilex malware

    Contactless payment methods have become incredibly popular, especially since the COVID-19 pandemic, when people wished to touch as few public surfaces as possible. Such payments require the credit card to be really close to the payment device, which is typically a POS terminal.

    As contactless payments are not handled by the POS terminal in the same way as usual payments, it’s not possible for cybercriminals to abuse and make fraudulent use of the system. This resulted in cybercriminals’ POS malware seeing a huge decrease in the number of transactions it could abuse.

    Prilex malware developers have found a way to deal with this problem: The malware, once it sees a contactless transaction happen, blocks it. The PIN pad then tells the user that there is a contactless error and that the payment needs to be done by inserting the credit card. Once the victim pays by card, a GHOST transaction fraud can be operated by Prilex.

    In GHOST transactions, the malware sits on the device, intercepting all communications between the POS software and the PIN pad. Once a transaction is ongoing, the malware intercepts the transaction content and modifies it in order to capture the credit card information and request new EMV cryptograms from the victim’s card. The new EMV cryptogram enables the attacker to initiate a new fraudulent transaction from a POS device they own (Figure A).

    Figure A: GHOST transaction attack scheme as executed by the Prilex threat actor. Image: Kaspersky.

    How do POS malware infections work?

    POS malware is not your average malware. Developing it requires a deep understanding of the whole payment market as well as its protocols, tools, and deployment. As such malware is useless on usual endpoints, it needs to be executed on the computers that actually run the POS software and deal with payments.

    The cybercriminals behind advanced POS malware cannot just send phishing emails to infect computers; they need to target specific people and use social engineering schemes to entice the victim to install a legitimate remote desktop application before infecting the machine. This explains why fraudsters generally pretend to be technicians who need to update legitimate POS software.

    How to protect your organization from this threat

    The end customer cannot do anything against the threat, as it happens on infected devices that they can’t control. All protection must come from administrators of POS software.

    As a company using POS systems, establish a detailed process with the POS provider in order to avoid any social engineering scams. All contacts between the POS software customer and the POS software provider need to follow specific rules that should be discussed over a secure channel and known by anyone who could access the devices running the POS software. Should any cybercriminal call and pretend to be an employee of the POS software supplier, this would help to immediately discover them.

    Security solutions should be deployed on all devices running POS software to try to detect malware infection. As information is sent from an infected POS device to an attacker-owned C2, network communications should also be monitored in order to detect any suspicious activity that could be communication between malware and a C2 server.

    Finally, all software and operating systems should always be up to date and patched in order to avoid compromise by common vulnerabilities.
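
    The contactless blocking described earlier leaves a visible pattern in transaction records: on an affected terminal, contactless attempts end in an error and are followed shortly by a chip read. The following is an added example, not code from Kaspersky or the original article, that flags such terminals; the log format, field names, time window and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, terminal id, entry mode, result.
SAMPLE_LOG = """\
2023-02-03T10:00:00 T1 contactless approved
2023-02-03T10:02:00 T1 contactless approved
2023-02-03T10:04:00 T1 contactless error
2023-02-03T10:04:40 T1 chip approved
2023-02-03T10:01:00 T2 contactless error
2023-02-03T10:01:35 T2 chip approved
2023-02-03T10:05:00 T2 contactless error
2023-02-03T10:05:50 T2 chip approved
2023-02-03T10:09:00 T2 contactless error
2023-02-03T10:09:30 T2 chip approved
"""

def parse(log):
    """Group (time, mode, result) tuples by terminal, sorted by time."""
    by_terminal = defaultdict(list)
    for line in log.splitlines():
        ts, terminal, mode, result = line.split()
        by_terminal[terminal].append((datetime.fromisoformat(ts), mode, result))
    for events in by_terminal.values():
        events.sort()
    return by_terminal

def forced_fallback_rates(by_terminal, window=timedelta(seconds=90)):
    """Per terminal: (contactless attempts, errors followed by a chip read in window)."""
    stats = {}
    for terminal, events in by_terminal.items():
        attempts = fallbacks = 0
        for i, (ts, mode, result) in enumerate(events):
            if mode != "contactless":
                continue
            attempts += 1
            nxt = events[i + 1] if i + 1 < len(events) else None
            if result == "error" and nxt and nxt[1] == "chip" and nxt[0] - ts <= window:
                fallbacks += 1
        stats[terminal] = (attempts, fallbacks)
    return stats

def flag_terminals(stats, min_attempts=3, threshold=0.8):
    """Terminals where nearly every contactless attempt ends in a forced chip insert."""
    return sorted(t for t, (a, f) in stats.items()
                  if a >= min_attempts and f / a >= threshold)

if __name__ == "__main__":
    stats = forced_fallback_rates(parse(SAMPLE_LOG))
    print(stats, flag_terminals(stats))
```

    A flagged terminal is a lead for investigation rather than proof of infection, since a faulty reader produces the same pattern; compare the rate against the terminal's own history and its peers.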
