This new POS malware can totally bypass your card security

[Image: Credit card information for sale (Image credit: Shutterstock)]

A notorious Point of Sale (PoS) malware has re-emerged after a year-long hiatus, and is now more dangerous than ever before, researchers have claimed.

Experts at Kaspersky claim to have seen three new versions of the Prilex malware, which now comes with advanced features helping it bypass contemporary fraud blockers.

Kaspersky says that Prilex can now generate EMV cryptograms, a feature Visa introduced three years ago as a means of validating transactions and preventing fraudulent payments.

Skilled adversaries

EMV is used by Europay, MasterCard, and Visa (hence the name EMV), and what’s more, threat actors can abuse the EMV cryptogram to run “GHOST transactions”, even with cards protected by chip-and-PIN technology.

"In GHOST attacks performed by the newer versions of Prilex, it requests new EMV cryptograms after capturing the transaction," Kaspersky said, and those cryptograms are then used in fraudulent transactions.

Furthermore, Prilex, which was first spotted in 2014 as ATM-only malware and switched to PoS two years later, also comes with backdoor features such as running code, terminating processes, editing the registry, and grabbing screenshots.

"The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky added. "This enables the attackers to keep updating their tools in order to find a way to circumvent the authorization policies, allowing them to perform their attacks."

Getting malware installed on PoS endpoints is not that easy, though. Threat actors either need physical access to the device, or they need to trick the victims into installing the malware themselves. The attackers would usually impersonate technicians from the PoS vendor, Kaspersky said, and claim that the device needs its software or firmware updated.

Once the malware is installed, the threat actors monitor the transactions to see whether there is enough volume to be worth their time.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.