This new POS malware can totally bypass your card security

By Scott Marlette Last updated Sep 29, 2022

A notorious Point of Sale (PoS (opens in new tab)) malware has re-emerged after a year-long hiatus, and is now more dangerous than ever before, researchers have claimed.

Experts at Kaspersky claim to have seen three new versions of the Prilex malware, which now comes with advanced features helping it bypass contemporary fraud blockers.

Kaspersky says that Prilex can now generate EMV cryptograms, a feature Visa introduced three years ago as means of validating transactions and preventing fraudulent payments.

Skilled adversaries

EMV is in use by Europay, MasterCard, and Visa (hence the name EMV), and what’s more, threat actors can use the EMV cryptogram to run “GHOST transactions”, even with the cards protected by CHIP and PIN technologies.

“In GHOST attacks performed by the newer versions of Prilex, it requests new EMV cryptograms after capturing the transaction,” which are then used in transactions, Kaspersky said.

Furthermore, Prilex, which was first spotted in 2014 as an ATM-only malware, and switched to PoS two years later, comes with certain backdoor features, as well, such as running code, terminating processes, editing the registry, grabbing screenshots, etc.

“The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works,” Kaspersky added. “This enables the attackers to keep updating their tools in order to find a way to circumvent the authorization policies, allowing them to perform their attacks.”

Getting malware installed on PoS endpoints (opens in new tab) is not as easy, though. Threat actors either need physical access to the device, or they need to trick the victims into installing the malware themselves. The attackers would usually impersonate technicians from the PoS vendor, Kaspersky said, and claim that the device needs its software/firmware updated.

Once the malware is installed, the threat actors would monitor the transactions to see if there is enough volume to be worth their time.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.