Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

February 1, 2023 | Ravie Lakshmanan | Payment Security/Risk

Prilex PoS Malware

The Brazilian threat actor behind an advanced, modular point-of-sale (PoS) malware known as Prilex has raised its head again with a new update that lets the malware block contactless payment transactions.

Russian cybersecurity firm Kaspersky says it has detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) capable of targeting NFC-enabled credit cards, taking its criminal scheme a step further.

Having evolved from ATM-focused malware into PoS malware over the years since it went live in 2014, the threat actor has steadily incorporated new features designed to facilitate credit card fraud, including a technique called GHOST transactions.

Contactless payments have become very popular, partly because of the COVID-19 pandemic, but the underlying motivation behind the new feature is to disable them and so force users to insert their card into the PIN pad.

To that end, the latest version of Prilex, discovered by Kaspersky in November 2022, has been found to implement rule-based logic to decide whether to capture credit card information, along with an option to block NFC-based transactions.


“This is because NFC-based transactions often generate unique IDs or card numbers that are valid for only one transaction,” the researchers said.

If such NFC-based transactions are detected and blocked by malware installed on an infected PoS terminal, the PIN pad reader will display a bogus error message.

This encourages victims to use their physical cards by inserting them into PIN pad readers, allowing the threat actors to carry out fraud. Another new feature added to the artifacts is the ability to filter credit cards by segment and create rules tailored to those tiers.

“These rules can block NFC and capture card data only if the card is Black/Infinite, Corporate, or another tier with high transaction limits, which is much more attractive than a standard credit card with low balances/limits,” the researchers said.

“Since the transaction data generated by contactless payments is useless from a cybercriminal’s perspective, it makes sense that Prilex would need to force victims to insert their cards into infected PoS terminals.”
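The behaviour described above (a contactless attempt fails with an error and the same customer then inserts the card) leaves a pattern a merchant can look for in terminal logs. The following is an added example, not code from Kaspersky or the article; the log format, field names, 90-second window and thresholds are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry): ISO time, terminal, entry mode, outcome.
SAMPLE_LOG = """\
2023-02-01T10:00:05 T-01 contactless approved
2023-02-01T10:03:10 T-01 contactless error
2023-02-01T10:03:40 T-01 chip approved
2023-02-01T10:07:00 T-01 contactless approved
2023-02-01T10:00:20 T-02 contactless error
2023-02-01T10:00:50 T-02 chip approved
2023-02-01T10:04:00 T-02 contactless error
2023-02-01T10:04:25 T-02 chip approved
2023-02-01T10:08:00 T-02 contactless approved
"""

def parse(log_text):
    """Yield (time, terminal, mode, outcome); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
        except ValueError:
            continue

def forced_fallback_stats(log_text, window=timedelta(seconds=90)):
    """Per terminal: (contactless attempts, errors followed by a chip insert within window)."""
    by_terminal = defaultdict(list)
    for event in parse(log_text):
        by_terminal[event[1]].append(event)
    stats = {}
    for terminal, events in by_terminal.items():
        events.sort()  # log lines may arrive out of order
        attempts = fallbacks = 0
        for i, (ts, _, mode, outcome) in enumerate(events):
            if mode == "contactless":
                attempts += 1
                nxt = events[i + 1] if i + 1 < len(events) else None
                if outcome == "error" and nxt and nxt[2] == "chip" and nxt[0] - ts <= window:
                    fallbacks += 1
        stats[terminal] = (attempts, fallbacks)
    return stats

def suspicious_terminals(log_text, min_attempts=3, threshold=0.5):
    """Terminals where at least `threshold` of contactless attempts were forced to chip."""
    return sorted(t for t, (a, f) in forced_fallback_stats(log_text).items()
                  if a >= min_attempts and f / a >= threshold)
```

A flagged terminal is a lead for investigation rather than proof of infection, since a faulty NFC reader produces the same pattern; comparing a terminal against its own history and against neighbouring terminals helps separate the two.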
