Security News > 2023 > February > Fast-evolving Prilex POS malware can block contactless payments
Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines.
"Contactless credit cards offer a convenient and secure way to make payments without the need to physically insert or swipe the card," the researchers wrote.
"But what happens if a threat can disable these payments in the EFT running in the computer and force you to insert the card in the PINpad reader?".
Doing a deeper dive into the last of the three Prilex variants found, the researchers said the malware includes a rule-based file that determines whether to capture credit card information that also includes an option to block NFC-based transactions.
When Prilex detects and blocks a contactless transaction, the EFT software will have the PIN system show an error message that reads "Contactless error, insert your card."
These rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit," the researchers wrote.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/03/prilex_malware_contactless_payments/