Preventing Credit Card Fraud with PoS Malware: How Prilex Blocks Contactless Payments

New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches. The popularity of contactless payments has grown since the COVID-19 pandemic, with over $34.55 billion in contactless transactions recorded in 2021. To protect against credit card fraud, it is important to understand how PoS malware like Prilex can block contactless payments and steal credit card information. Kaspersky, following the Prilex PoS malware closely, reports seeing at least three new variants in the wild, with version numbers 06.03.8070, 06.03.8072, and 06.03.8080, first released in November 2022. These new variants introduce a new feature that prevents payment terminals from accepting contactless transactions, forcing customers to insert their cards. In September 2022, Kaspersky reported that Prilex added EMV cryptogram generation to evade transaction fraud detection and to perform GHOST transactions even when the card is protected with CHIP and PIN technology. When the new Prilex feature is enabled, it will block contactless transactions and display a Contactless error, insert your card error on the payment terminal. This forces the victim to finish the transaction by inserting a credit card, making capturing the card information through the payment terminal easier. The malware uses a rule-based file to determine if it should block a transaction based on whether it has detected the use of NFC. Prilexs operators block NFC transactions because those generate a unique ID or card number thats only valid for a single transaction, so if that data is stolen, it wouldnt be helpful for the crooks. After the credit card data is captured, the Prilex operators employ the techniques seen in previous releases, like cryptogram manipulation and GHOST transaction attacks. Another interesting new feature seen for the first time on the latest Prilex variants is the ability to filter unwanted cards and only capture data from specific providers and tiers. These [filtering] rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit. Payees have limited means to protect themselves against PoS malware like Prilex, as theres no way to know if a payment terminal might be infected. Standard security measures include avoiding paying on terminals with visible signs of tampering, avoiding using public WiFi to access financial accounts without a VPN, or failing to validate the transaction details before and after its completion. It is essential to regularly monitor financial statements to identify any potentially fraudulent transactions or charges that should be reported to the card issuer immediately.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 31 Jan 2023 18:49:02 +0000


Cyber News related to Preventing Credit Card Fraud with PoS Malware: How Prilex Blocks Contactless Payments

Preventing Credit Card Fraud with PoS Malware: How Prilex Blocks Contactless Payments - New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC ...
1 year ago Bleepingcomputer.com
Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data - The point-of-sale malware named Prilex has been modified to block contactless transactions in an effort to force users to insert their credit cards into terminals and steal their information. Initially detailed in 2017, Prilex has evolved from ...
1 year ago Securityweek.com
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards - The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it ...
1 year ago Thehackernews.com
New Versions of Prilex POS Malware Can Block Contactless Transactions - New versions of Prilex point-of-sale malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication credit card transactions. This way clients are obliged to use the machine to pay, allowing the malicious code ...
1 year ago Heimdalsecurity.com
Comprehensive Guide to Fraud Detection, Management, & Analysis - To mitigate risks, businesses can use risk management strategies, including fraud detection software, company policies, and staff ranging from risk managers and trust officers to fraud analysts. Affiliate Fraud - Affiliates in a marketing arrangement ...
11 months ago Securityboulevard.com
To tap or not to tap: Are NFC payments safer? - These cards required insertion into payment terminals and authentication with a PIN, marking a shift toward more secure transaction methods. These cards were still susceptible to cloning or information theft, though perpetrating such crimes was more ...
1 year ago Welivesecurity.com
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds - Threat actors undertaking identity fraud have been using deepfakes ten times more in 2023 than in 2022, according to digital identity verification solutions provider Sumsub. In its third annual Identity Fraud Report, published on November 28, 2023, ...
1 year ago Infosecurity-magazine.com
As Digital Payments Explode in Popularity, Cybercriminals are Taking Notice - With $54 trillion in payments flowing through the world's leading transaction avenues, the payments space is truly exploding. Traditional banks are moving full speed ahead in fulfilling consumer expectations for instant and easy digital payments by ...
11 months ago Cyberdefensemagazine.com
How Businesses Can Manage Cryptocurrency Fraud - With cryptocurrency payments on the rise, businesses must learn how to safeguard against potential risks. Businesses across the US are seeking innovative payment methods, with an estimated 75% of retailers looking to embrace cryptocurrency payment ...
10 months ago Cyberdefensemagazine.com
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
1 year ago Cybersecuritynews.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
10 months ago Securityintelligence.com
Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend - One of the largest credit unions on the West Coast continues to struggle with its operations following a ransomware attack that began on Saturday. Patelco Credit Union - one of the nation's oldest credit unions with more than $9 billion in assets - ...
5 months ago Therecord.media
9 tips to protect your family against identity theft and credit and bank fraud - With access to your personal information, bad actors can drain your bank account and damage your credit-or worse. By taking the right steps, you and your loved ones can enjoy the peace of mind that comes from identity protection. Check out the nine ...
10 months ago Webroot.com
Identity Fraud Rises as E-Commerce, Payment Firms Targeted - An analysis of global customer data has highlighted a 20% increase in overall fraud incidents compared to last year, largely attributed to the surge in impersonation fraud and the accessibility of sophisticated attack methods and tools. The gaming, ...
1 year ago Securityboulevard.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
8 months ago Pandasecurity.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
5 months ago Pandasecurity.com
Halting Hackers on the Holidays 2023 - As we saw with major holidays including Black Friday and Cyber Monday and now right around the corner and a massive increase in shopping online for the Christmas season, we count the breaches and total personally identifiable information records lost ...
1 year ago Cyberdefensemagazine.com
5 Fraud Prevention Strategies That Help Companies Ward Off Cyber Attacks - According to PwC's 2022 survey, over half of companies experienced fraud in the past two years, the highest in 20 years of research. From cyber-attacks to wire fraud to dishonest employees, there's no shortage of threats that aim to profit off your ...
1 year ago Hackread.com
9 online scams to watch out for this holiday season - By being aware of these common online scams and taking precautions, you can protect yourself and your family from becoming victims this holiday season. The holiday season is upon us, and that means it's time to start shopping for gifts. It's not just ...
1 year ago Blog.avast.com
Unveiling the Power of NFC Technology - Key Components of NFC Technology Tags and Readers NFC technology is based on two essential components: tags and readers. This exchange of information is what enables NFC technology to be used for various applications, such as contactless payments, ...
11 months ago Feeds.dzone.com
Fighting the Next Generation of Fraud - In today's digital age, the landscape of fraud is evolving at an alarming pace. In 2022, 20-59-year-olds reported 63% of all fraud in the United States. Fraudsters have been quick to harness the potential of generative AI to perpetrate various ...
1 year ago Securityboulevard.com
Unmasking Identity Theft: Detection and Mitigation Strategies - In an increasingly digital world, the threat of identity theft looms large, making it imperative for individuals to be proactive in detecting potential breaches and implementing effective mitigation measures. This article delves into key strategies ...
11 months ago Cybersecurity-insiders.com
Does Less Consumer Tracking Lead to Less Fraud? - Authors Bo Bian, Michaela Pagel and Huan Tang investigated the relationship between the rollout of Apple's App Tracking Transparency and reports of consumer financial fraud. By default, Apple's ATT opted all iPhone users out of tracking, which meant ...
1 year ago Eff.org
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
10 months ago Gbhackers.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)