This year, security experts have found three updated versions of Prilex malware that target point-of-sale systems.

In 2014, Prilex was a type of malware that targeted ATMs. It switched to PoS (point of sale) devices in 2016, but it wasn’t until 2020 that the malware reached its peak. After that, it faded away in 2021.

Analysts at Kaspersky say that Prilex is back, and that the version that has resurfaced looks more advanced and dangerous. The latest version of this malware can create EMV (Europay, MasterCard, and Visa) cryptograms, which VISA introduced as a transaction validation system to help find and stop payment fraud.

The Kaspersky report explains that this capability lets threat actors use EMV cryptograms to perform “GHOST transactions” with credit cards protected by CHIP and PIN technology.

The infection starts with a spear-phishing email in which the sender poses as a technician from a PoS vendor and claims that the company needs to update its PoS software. Next, the fake technician goes to the target’s location and installs a malicious upgrade on the PoS terminals. The attackers could also tell the victim to install the AnyDesk remote access tool on their computer and then use it to replace the PoS firmware with a version that has been tampered with.

After the machine is infected, the operators check whether the target processes enough financial transactions to be worth their time.

The new version of Prilex has a backdoor for communication. The backdoor supports many actions, such as opening files, running commands, ending processes, changing the registry, and recording the screen. Once the information is encrypted and saved locally on the infected computer, the malware sends periodic requests to the control server.

Kaspersky concluded that the Prilex group knows a lot about how credit and debit card transactions work and how software used for payment processing works. This knowledge allows attackers to keep updating their tools until they find a way to get around the authorization policies and carry out their attacks.


Used with permission from Article Aggregator