This PoS malware blocks contactless payments to steal credit card data

By Scott Marlette Last updated Feb 1, 2023

Cybersecurity researchers have spotted new versions of a known Point of Sale (PoS) malware (opens in new tab) that blocks advanced features to be able to steal credit card data.

The team from Kaspersky observed the Prilex PoS malware versions 06.03.8070, 06.03.8072, and 06.03.8080, in the wild. These versions were released in November 2022, and prevent the terminal from accepting contactless credit card transactions.

Contactless transactions, made possible due to near-field communication (NFC) chips found in both PoS terminals on one end, and credit/debit cards, smartphones and smart watches on the other, exploded in popularity during the Covid-19 pandemic. The technology allows consumers to purchase goods and services without actually inserting their credit cards, making it almost impossible for hackers to steal the data via PoS malware.

Swiping away the data

However to work around this issue, the threat actors deployed a new version of Prilex, which blocks PoS terminals from accepting contactless payments.

If a user tries to initiate such a transaction on a compromised endpoint, it will only get an error message, forcing them to swipe their cards and, ultimately, share sensitive data with the attackers.

After stealing the data, the researchers say, the attackers can run cryptogram manipulation and “GHOST transaction” attacks.

Prilex operators have been busy, the researchers say. They’ve been adding new features for months now, and before these, they added EMV cryptogram generation which allows them to evade getting detected and initiate “GHOST transaction” attacks even on cards protected with CHIP and PIN. They also added a way to filter cards and grab data only from specific providers.

“These [filtering] rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit,” Kaspersky said.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.