Fraud: Prilex Can Now Target Contactless Payments

February 1, 2023

As technology advances and people find new ways to make life more convenient and safe, criminals keep pace. Recently, three new variants of the Prilex malware were uncovered.

Prilex is a notorious threat actor that gradually evolved from malware focused on Automated Teller Machines (ATMs) into a unique modular point-of-sale (PoS) malware, the most advanced PoS threat discovered so far.

The new threat is that this malware can block contactless near-field communication (NFC) transactions on targeted devices. Customers cannot use their card's contactless chip at the PoS and are forced to insert or swipe the card instead, which lets Prilex steal the card’s data and so gain access to that customer’s money.

Kaspersky, a multinational cybersecurity and anti-virus provider, described the attacks back in 2022.

Prilex threat actors conduct so-called “GHOST” attacks, allowing them to perform credit card fraud, even on cards protected with the purportedly unhackable Chip and PIN technology.

The three new modifications with the power to block contactless payment transactions were uncovered when a customer affected by Prilex filed an incident report.

It works like this: contactless payments allow customers to ‘tap’ to pay, eliminating the need to swipe or insert the card. Prilex, however, is able to block such transactions.

NFC-based transactions generate a unique card number valid for only one transaction, so data captured from a tap cannot be reused. If Prilex detects an NFC-based transaction, it blocks it, and the PIN pad shows the prompt “present or insert your card”.

This way, the customer is forced to use the physical card, inserting it in the infected PIN pad reader where the malware can capture the information.
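The forced tap-to-insert fallback described above leaves a trace in transaction records that a merchant or acquirer can monitor. The following is an added example, not code from this article or from Kaspersky: it flags terminals where most contactless attempts fail and are immediately retried by inserting or swiping the card. The log schema, the 90-second window and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): time, terminal, entry mode, outcome.
SAMPLE_EVENTS = [
    ("2023-02-01T10:00:05", "T-01", "contactless", "approved"),
    ("2023-02-01T10:03:10", "T-01", "contactless", "failed"),
    ("2023-02-01T10:03:40", "T-01", "chip", "approved"),
    ("2023-02-01T10:07:00", "T-01", "contactless", "approved"),
    ("2023-02-01T10:01:00", "T-02", "contactless", "failed"),
    ("2023-02-01T10:01:25", "T-02", "chip", "approved"),
    ("2023-02-01T10:05:00", "T-02", "contactless", "failed"),
    ("2023-02-01T10:05:30", "T-02", "chip", "approved"),
    ("2023-02-01T10:09:00", "T-02", "contactless", "failed"),
    ("2023-02-01T10:09:20", "T-02", "swipe", "approved"),
    ("2023-02-01T10:02:00", "T-03", "contactless", "failed"),
    ("2023-02-01T10:02:30", "T-03", "chip", "approved"),
]

FALLBACK_WINDOW = timedelta(seconds=90)  # assumed: the retry by insert follows quickly

def fallback_stats(events, window=FALLBACK_WINDOW):
    """Per terminal: (contactless attempts, failed taps followed by insert/swipe)."""
    by_terminal = defaultdict(list)
    for ts, terminal, mode, outcome in events:
        by_terminal[terminal].append((datetime.fromisoformat(ts), mode, outcome))
    stats = {}
    for terminal, rows in by_terminal.items():
        rows.sort()  # chronological order per terminal
        taps = forced = 0
        for i, (ts, mode, outcome) in enumerate(rows):
            if mode != "contactless":
                continue
            taps += 1
            # A failed tap counts as a forced fallback only when the next event
            # on the same terminal is a contact read inside the window.
            nxt = rows[i + 1] if i + 1 < len(rows) else None
            if (outcome == "failed" and nxt and nxt[1] in ("chip", "swipe")
                    and nxt[0] - ts <= window):
                forced += 1
        stats[terminal] = (taps, forced)
    return stats

def suspicious_terminals(events, min_taps=3, max_rate=0.5):
    """Terminals with enough taps where the forced-fallback rate exceeds max_rate."""
    return sorted(t for t, (taps, forced) in fallback_stats(events).items()
                  if taps >= min_taps and forced / taps > max_rate)
```

A high fallback rate can also come from a faulty reader, so a flagged terminal is a prompt to inspect the PoS host rather than proof of infection.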

Prilex is also able to “sort” through the credit card information and capture only high-limit, black, infinite, and corporate cards, which lets the criminals steal more money than they could from lower-limit cards.

This actor is notorious in Latin America, and it is believed to be behind one of the most notorious attacks in the region. In 2016, it cloned more than 28,000 credit cards and left 1,000 ATMs dry in Brazilian banks. Prilex has now expanded globally.

Germany saw a large attack in 2019, when a gang cloned Mastercard debit cards and stole more than €1.5 million from 2,000 customers.

The modifications we described above have been spotted in Brazil, but it is only a matter of time before they spread.

This is a call to stay on the lookout and keep up with bank statements. The technology is still convenient, but a little caution can go a long way.

Want to learn more? Check out Payments Cards and Mobile’s full write-up here.
