Prilex is a highly advanced threat that has evolved from ATM-focused malware into a unique modular PoS malware, known to be the most advanced PoS threat seen so far. It uses a unique cryptographic scheme, patches target software in real time, forces protocol downgrades, manipulates cryptograms, and performs GHOST transactions and credit card fraud.
Recently, three new versions of Prilex have been discovered that can block contactless payment transactions, which have become popular due to the pandemic. These versions block NFC-based transactions and force victims to insert their physical card into the PIN pad reader, which allows the malware to capture the data coming from the transaction.
The global market for contactless payments was estimated to be $34.55 billion in 2021 and is expected to continue growing. In the US, tap-to-pay accounts for 28% of all face-to-face transactions, and 82% of card-present transactions in the country take place at contactless-enabled locations. The popularity of this payment method is expected to grow in the coming years.
Prilex now uses a rules file that specifies whether or not to capture credit card information, along with an option to block NFC-based transactions. The latest Prilex samples can also filter credit cards by segment and apply different rules to each segment.
The goal of Prilex is to exploit the convenience and security of contactless payments to perform credit card fraud. It is important for organizations and individuals to be aware of the threat of Prilex and to implement security measures to protect their systems and transactions.
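One way to look for the NFC-blocking behaviour described above in PoS transaction logs, as an added example that is not part of the original report: it flags terminals where no contactless payment succeeds and failed taps are repeatedly followed by a chip insertion. The log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not from the report):
# ISO timestamp, terminal id, entry mode (nfc|chip), result (ok|error)
SAMPLE_LOG = """\
2023-02-01T10:00:05 T01 nfc ok
2023-02-01T10:03:10 T01 nfc error
2023-02-01T10:03:40 T01 chip ok
2023-02-01T10:07:00 T01 nfc ok
2023-02-01T10:01:00 T02 nfc error
2023-02-01T10:01:25 T02 chip ok
2023-02-01T10:05:00 T02 nfc error
2023-02-01T10:05:30 T02 chip ok
2023-02-01T10:09:00 T02 nfc error
2023-02-01T10:09:20 T02 chip ok
2023-02-01T10:02:00 T03 nfc error
2023-02-01T10:20:00 T03 chip ok
"""

def parse(log):
    """Yield (timestamp, terminal, mode, result) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, term, mode, result = line.split()
        yield datetime.fromisoformat(ts), term, mode, result

def flag_terminals(log, window=timedelta(seconds=90), min_fallbacks=3):
    """Terminals with zero successful NFC payments and at least
    min_fallbacks failed taps followed by a chip insert within window."""
    stats = defaultdict(lambda: {"nfc_ok": 0, "fallbacks": 0, "pending": None})
    for ts, term, mode, result in sorted(parse(log)):
        s = stats[term]
        if mode == "nfc":
            if result == "ok":
                s["nfc_ok"] += 1
                s["pending"] = None
            else:
                s["pending"] = ts  # failed tap, wait for a possible chip insert
        elif mode == "chip" and s["pending"] is not None:
            if ts - s["pending"] <= window:
                s["fallbacks"] += 1  # tap failed, card inserted shortly after
            s["pending"] = None
    return sorted(t for t, s in stats.items()
                  if s["nfc_ok"] == 0 and s["fallbacks"] >= min_fallbacks)

if __name__ == "__main__":
    print(flag_terminals(SAMPLE_LOG))
```

A flagged terminal is a lead for investigation, since a faulty contactless reader produces the same pattern.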