Security News > 2022 > September > Upgraded Prilex Point-of-Sale malware bypasses credit card security
Security analysts have observed three new versions of Prilex PoS-targeting malware this year, indicating that its authors and operators are back in action.
Prilex started as ATM-focused malware in 2014 and it pivoted to PoS devices in 2016.
As detailed in the Kaspersky report, it also enables the threat actors to use EMV cryptogram to perform 'GHOST transactions' even using credit cards protected with CHIP and PIN technology.
The new Prilex version has added a backdoor for communication, a stealer for intercepting all data exchanges, and an uploader module for exfiltration.
Its stealer module uses hooks on multiple Windows APIs to snoop on a communication channel between the PIN pad and the PoS software and can modify transaction contents, capture card information, and request new EMV cryptograms from the card.
"The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky concluded.