Security News > 2023 > February > Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions.

Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called GHOST transactions.

While contactless payments have taken off in a big way, in part due to the COVID-19 pandemic, the underlying motive behind the new functionality is to disable the feature so as to force the user to insert the card into the PIN pad. To that end, the latest version of Prilex, which Kaspersky discovered in November 2022, has been found to implement a rule-based logic to determine whether or not to capture credit card information alongside an option to block NFC-based transactions.

Should such an NFC-based transaction be detected and blocked by the malware installed on the infected PoS terminal, the PIN pad reader displays a fake error message: "Contactless error, insert your card."

"These rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit," the researchers noted.

"Since transaction data generated during a contactless payment are useless from a cybercriminal's perspective, it is understandable that Prilex needs to force victims to insert the card into the infected PoS terminal."

News URL

https://thehackernews.com/2023/02/prilex-pos-malware-evolves-to-block.html