Threat actors have recently upgraded the Prilex point-of-sale (PoS) malware to block NFC-enabled contactless credit card transactions, forcing cardholders to insert their cards into malware-infected machines instead.
Credit card users have found contactless NFC transactions trouble-free, since they allow close-proximity payments with a credit card, smartphone, or smartwatch. Especially since the COVID-19 pandemic, people consider these transaction methods safer, more secure, and more convenient.
Meanwhile, threat actors are looking for ways to counter secure NFC transactions, since contactless payments have disrupted their classic ways of stealing from users' credit cards.
Three new Prilex PoS malware versions have been spotted in the wild that block contactless transactions to force consumers to insert their credit cards into tampered payment machines.
The three new Prilex PoS malware versions, 06.03.8070, 06.03.8072, and 06.03.8080, were found to have been released in the wild in November of last year. The researchers note that these upgraded variants are equipped with features that stop payment terminals from accepting NFC transactions, leaving users no choice but to insert their cards instead.
An error prompt is displayed on the screen when an NFC-enabled credit card is tapped on a tampered payment terminal. With inserting the card as the only option left to the user, the malware running on the infected machine can then capture the card data it was unable to read from the contactless transaction.
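As an added example (not code from the original report or from the researchers who analysed Prilex), the following defender-side heuristic runs over constructed acquirer log lines, in an assumed format, and flags terminals that show the pattern described above: every contactless attempt ends in an error and a chip transaction is approved shortly after each one.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a hypothetical acquirer-side PoS log (format assumed):
# timestamp, terminal id, card interface used, and the outcome reported.
SAMPLE_LOG = """\
2023-01-10T09:01:12 term=T001 iface=contactless result=approved
2023-01-10T09:03:40 term=T001 iface=contactless result=approved
2023-01-10T09:05:02 term=T001 iface=chip result=approved
2023-01-10T09:01:50 term=T002 iface=contactless result=error
2023-01-10T09:02:05 term=T002 iface=chip result=approved
2023-01-10T09:10:22 term=T002 iface=contactless result=error
2023-01-10T09:10:41 term=T002 iface=chip result=approved
2023-01-10T09:15:08 term=T002 iface=contactless result=error
2023-01-10T09:15:30 term=T002 iface=chip result=approved
"""

def parse_log(text):
    """Turn each log line into a dict with a parsed timestamp."""
    records = []
    for line in text.splitlines():
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        records.append(rec)
    return records

def find_nfc_blocking_terminals(records, min_taps=3, fallback_window=120):
    """Flag terminals where no contactless attempt ever succeeds and a chip
    transaction is approved within fallback_window seconds of each failure."""
    by_term = defaultdict(list)
    for rec in records:
        by_term[rec["term"]].append(rec)
    flagged = {}
    for term, recs in by_term.items():
        recs.sort(key=lambda r: r["ts"])
        taps = [r for r in recs if r["iface"] == "contactless"]
        if len(taps) < min_taps or any(r["result"] == "approved" for r in taps):
            continue  # too few taps to judge, or contactless still works here
        fallbacks = 0
        for tap in taps:
            limit = tap["ts"] + timedelta(seconds=fallback_window)
            if any(r["iface"] == "chip" and r["result"] == "approved"
                   and tap["ts"] < r["ts"] <= limit for r in recs):
                fallbacks += 1
        if fallbacks == len(taps):
            flagged[term] = {"failed_taps": len(taps), "chip_fallbacks": fallbacks}
    return flagged
```

On the sample above, terminal T001 (where taps still succeed) is ignored and T002 is flagged; in practice the thresholds would be tuned against the merchant's normal contactless failure rate.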
The Prilex PoS malware developers also added an EMV cryptogram generation feature to the new variants, which allows them to evade fraud detection on malicious transactions and perform "GHOST transactions" that help them complete attacks despite the cards' chip-and-PIN protection.
Additionally, researchers found that the new variants can filter out unwanted credit cards, so that only data from specific financial providers and customer tiers is captured.
Since there is no easy way for users to tell which public payment terminals have been tampered with by malicious actors, users are advised to avoid connecting to public WiFi when accessing their banking accounts.
It is also important to check banking applications and review the transactions on the spot after using a payment terminal, so that any suspicious activity is noticed immediately.
Users must immediately report the malicious transaction to the card’s provider or the authorities if it occurs.