Notorious Point of Sale (PoS) malware has re-emerged after a year-long hiatus and is now more dangerous than ever, researchers say.
Kaspersky experts say they’ve seen three new versions of the Prilex malware, which now comes with advanced features to help bypass modern fraud blockers.
Kaspersky says Prilex can now generate EMV cryptograms, a feature Visa introduced three years ago to verify transactions and prevent fraudulent payments.
EMV takes its name from Europay, MasterCard and Visa, the companies that introduced the standard. Cyber criminals can use the EMV cryptogram to run “GHOST transactions”, even with chip-and-PIN protected cards.
“In the GHOST attacks carried out by newer versions of Prilex, it requests new EMV cryptograms after the transactions are intercepted,” Kaspersky said; those cryptograms are then used in the transactions.
Prilex, which was first noticed in 2014 as ATM-only malware and switched to PoS two years later, also includes backdoor features such as running code, terminating processes, editing the registry and downloading screenshots.
“The Prilex Group has demonstrated a high level of understanding of credit and debit card transactions and how the software used to process payments works,” added Kaspersky. “This allows attackers to update their tools to find ways to circumvent the authorization rules that allow them to launch attacks.”
Installing malware on PoS endpoints, however, is not that simple. Attackers either need physical access to the device or have to trick victims into installing the malware themselves. They usually impersonated PoS vendor technicians, Kaspersky said, and claimed that the device needed a software or firmware update.
With the malware installed, the cyber criminals would monitor transactions to see whether the target was worth their time.
By: A hissing computer