Fraud: Prilex Can Now Target Contactless Payments
February 1, 2023
As technology advances and humans find new ways of making life more convenient/safe, so do criminals and their ability to catch up. That being said, recently, three new variants of Prilex malware have been uncovered.
Now the new threat is that this malware is able to block contactless near-field communication (NFC) transactions on targeted devices, meaning this malware blocks signals in debit and credit cards so customers won’t be able to use their contactless chip on POS, forcing them to insert or swipe their card, allowing Prilex to steal the card’s data, and therefore give them access to that customer’s money.
Kaspersky, a multinational cybersecurity and anti-virus provider described the attacks back in 2022.
The three new modifications with the power to block contactless payment transactions were uncovered when a customer affected by Prilex filed an incident report.
It works like this: contactless payments allow customers to ‘tap’ to pay, eliminating the need to swipe or insert your card, however, Prilex is able to block such transactions.
This way, the customer is forced to make use of the physical car, inserting it in the infected pin pad reader where the malware can capture the information.
Prilex is also able to “sort” through the credit card information and only capture high limit, black, infinite, and corporate, which will allow the criminal to steal more money compared to other lower limit cards.
This actor is notorious in Latin America, and it is believed they are behind one of the most notorious attacks in the region. In 2016, it cloned more than 28,000 credit cards and left 1,000 ATMS dry in Brazilian banks. Prilex has now expanded globally.
Germany saw a large attack in 2019, when a gang cloned Mastercard debit cards and stole more than €1.5 million from 2,000 customers.
The modifications we described above have been spotted in Brazil, but it is only a matter of time before it spreads.
This is a call to always be on the lookout and make sure to keep up with bank statements, the technology is still convenient, but being a little bit cautious can go a long way.