Cybercriminals can now disable contactless payments


Kaspersky has reported three new versions of Prilex, malware developed by a group of cybercriminals and named in 2022 as advanced point-of-sale malware.

The newly discovered version could block the Near Field Communication (NFC) technology used for contactless payments at infected outlets, forcing customers to pay with plastic credit cards and allowing cybercriminals to steal their money. While Prilex is currently being used in Latin America, its use could expand to the Middle East, Turkey and Africa in the coming months.

The infamous Prilex gang has moved from ATM-centric malware to point-of-sale malware, and its malware is the most advanced ever discovered.

In 2022, Kaspersky named the Prilex attack “GHOST”; it can spoof credit card transactions, even for credit cards protected by tamper-proof CHIP and PIN technology.

Now the gang and its programs have gone further, according to security experts, who wanted to know whether Prilex can collect data from NFC-enabled credit cards.

While responding to incidents at customers affected by Prilex, Kaspersky researchers recently uncovered three new versions capable of blocking contactless payment transactions, which became so common during and after the pandemic.

Contactless payment systems such as credit and debit cards, wireless access keys and other smart devices, including mobile devices, incorporate Radio Frequency Identification (RFID) technology.

Recently, electronic payment applications such as Samsung Pay, Apple Pay, Google Pay and Fitbit Pay, as well as banking applications, have implemented NFC technology to support secure and contactless transactions.

Contactless bank cards offer a convenient and secure way to pay without inserting the card into a point-of-sale device. Prilex, however, was able to find a way around this by executing a file that decides whether to collect credit card information and that includes the ability to prevent NFC-based transactions.

This is because NFC-based transactions generate a unique card number that is valid for only a single transaction. When Prilex detects and blocks an NFC-based transaction, the PIN pad displays the following message:

The criminals aim to force victims to use their plastic cards by inserting them into PIN pad readers, so that the malware can capture data from the transaction using any of the methods available to Prilex, such as forging PIN codes to perform GHOST attacks.

Another new feature added to the latest Prilex versions is the ability to filter credit cards by category and create different rules for each category. For example, the malware can block NFC and capture card data only if the card belongs to a "black", "unlimited", institutional or other category with a high transaction credit limit, which is more attractive than a standard credit card category with a low balance or limit.

Prilex has been active in Latin America since 2014 and is believed to be behind one of the largest attacks on the continent. During the 2016 Rio Carnival, the gang cloned more than 28,000 credit cards and stole from more than 1,000 Banco do Brasil ATMs.

The gang has since expanded its attacks globally. It was spotted in Germany in 2019, when a criminal gang cloned MasterCard debit cards issued by a German bank (OLB) and withdrew more than 1.5 million euros in cash from around 2,000 customers. The newly discovered modified versions have been found in Brazil but may spread to other countries and regions, including the Middle East, Turkey and Africa, in the coming months.

Contactless payments have become a part of people's daily lives, said Fabio Assolini, head of the global research and analysis team at Kaspersky Latin America, noting that statistics show that the retail sector accounts for more than 59% of contactless payments to lead the market by 2021.

"These transactions are convenient and secure, allowing cybercriminals to create malware that threatens NFC devices," added Assolini. Since the transaction data generated during the contactless payment process is still useless from Prilex's point of view, Prilex will ensure that these transactions are blocked in order to force victims to insert the same card into the infected POS machine.

To protect against Prilex, Kaspersky recommends implementing a Kaspersky SDK solution in POS modules to prevent malware from tampering with the transactions processed by these modules. It also recommends protecting legacy systems with up-to-date security solutions that work with full functionality on older versions of Windows as well as the latest Microsoft software packages, so that organizations keep full support for legacy Microsoft software and have the flexibility to upgrade if needed.

Users must also install a security solution such as Kaspersky Embedded Systems Security to protect the device from various attack vectors. If the device has very low system specifications, Kaspersky's solution can still protect it with a default-deny system.

Kaspersky recommends that financial institutions that fall victim to this type of fraud use the threat mapping engine to help incident response teams find and detect Prilex files on compromised systems.



