This PoS malware blocks contactless payments to steal credit card data
A known PoS malware is getting some nasty new features
Cybersecurity researchers have spotted new versions of a known Point of Sale (PoS) malware that blocks advanced features to be able to steal credit card data.
The team from Kaspersky observed the Prilex PoS malware versions 06.03.8070, 06.03.8072, and 06.03.8080 in the wild. These versions were released in November 2022, and prevent the terminal from accepting contactless credit card transactions.
Contactless transactions, made possible by near-field communication (NFC) chips found in both PoS terminals on one end, and credit/debit cards, smartphones and smart watches on the other, exploded in popularity during the Covid-19 pandemic. The technology allows consumers to purchase goods and services without actually inserting their credit cards, making it almost impossible for hackers to steal the data via PoS malware.
Swiping away the data
However, to work around this issue, the threat actors deployed a new version of Prilex, which blocks PoS terminals from accepting contactless payments.
If a user tries to initiate such a transaction on a compromised endpoint, they will only get an error message, forcing them to swipe their cards and, ultimately, share sensitive data with the attackers.
After stealing the data, the researchers say, the attackers can run cryptogram manipulation and “GHOST transaction” attacks.
Prilex operators have been busy, the researchers say. They’ve been adding new features for months now, and before these, they added EMV cryptogram generation, which allows them to evade detection and initiate “GHOST transaction” attacks even on cards protected with CHIP and PIN. They also added a way to filter cards and grab data only from specific providers.
“These [filtering] rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit,” Kaspersky said.
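For defenders, the behaviour described above (a contactless error followed by the same customer presenting the card physically) leaves a pattern in a terminal's transaction records. The following is an added example, not code from the article or from Kaspersky; the record layout, field values and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (terminal, time, entry mode, outcome). Hypothetical layout.
SAMPLE_EVENTS = [
    ("T1", "2023-02-01T10:00:00", "contactless", "approved"),
    ("T1", "2023-02-01T10:05:00", "contactless", "approved"),
    ("T1", "2023-02-01T10:10:00", "contactless", "error"),
    ("T1", "2023-02-01T10:10:40", "contact", "approved"),
    ("T1", "2023-02-01T10:15:00", "contactless", "approved"),
    ("T1", "2023-02-01T10:20:00", "contactless", "approved"),
    ("T2", "2023-02-01T10:01:00", "contactless", "error"),
    ("T2", "2023-02-01T10:01:30", "contact", "approved"),
    ("T2", "2023-02-01T10:06:00", "contactless", "error"),
    ("T2", "2023-02-01T10:06:45", "contact", "approved"),
    ("T2", "2023-02-01T10:12:00", "contactless", "error"),
    ("T2", "2023-02-01T10:12:20", "contact", "approved"),
    ("T2", "2023-02-01T10:18:00", "contactless", "error"),
    ("T2", "2023-02-01T10:18:50", "contact", "approved"),
    ("T3", "2023-02-01T10:02:00", "contactless", "error"),
    ("T3", "2023-02-01T10:02:30", "contact", "approved"),
]

def forced_fallback_terminals(events, window_s=90, min_attempts=3, max_rate=0.5):
    """Map terminal -> share of contactless attempts that errored and were
    followed by a contact transaction on that terminal within window_s."""
    by_terminal = defaultdict(list)
    for term, ts, mode, outcome in events:
        by_terminal[term].append((datetime.fromisoformat(ts), mode, outcome))
    flagged = {}
    for term, rows in by_terminal.items():
        rows.sort()  # chronological order per terminal
        attempts = fallbacks = 0
        for i, (ts, mode, outcome) in enumerate(rows):
            if mode != "contactless":
                continue
            attempts += 1
            nxt = rows[i + 1] if i + 1 < len(rows) else None
            if (outcome == "error" and nxt and nxt[1] == "contact"
                    and nxt[0] - ts <= timedelta(seconds=window_s)):
                fallbacks += 1
        # Too few attempts gives a meaningless rate, so require a minimum sample.
        if attempts >= min_attempts and fallbacks / attempts > max_rate:
            flagged[term] = round(fallbacks / attempts, 2)
    return flagged

if __name__ == "__main__":
    print(forced_fallback_terminals(SAMPLE_EVENTS))
```

A flagged terminal is only a prompt to investigate, since a faulty NFC reader produces the same pattern. Because the filtering rules quoted above block NFC only for selected card tiers, the terminal-wide rate on an infected device may sit well below 100%.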
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.