Brazilian Prilex Hackers Back with Sophisticated Point-of-Sale Malware

The Brazilian Prilex group is back with more sophisticated point-of-sale (PoS) malware: an advanced and complex toolset used to steal money through fraudulent transactions.

According to Kaspersky researchers, “The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works. This enables the attackers to keep updating their tools in order to find a way to circumvent the authorization policies, allowing them to perform their attacks.”

When the cybercrime group first formed, it focused on ATMs. It eventually managed to perform jackpotting, the illicit dispensing of cash from an ATM to the attackers themselves. It also cloned thousands of credit cards and stole funds from the targeted banks’ customers.

Prilex has evolved over the years to abuse processes related to point-of-sale software and to intercept other communications, such as the traffic between the PoS and its PIN pad.

Its operators are capable of carrying out EMV replay attacks, in which the traffic from a legitimate EMV-based card transaction is captured and later replayed to a payment processor such as Mastercard.

A highly targeted attack of this kind is paired with a social engineering element, which is how the criminals get the PoS malware onto the target’s computers.

A company may receive an unsolicited call from a so-called technician who insists that the company needs to update its PoS software. The fake technician may visit the target in person or contact them by phone and ask them to install AnyDesk, a remote access tool, so they can ‘fix’ their computer.

In recent attacks, the card information is not stolen through a replay attack. Instead, the card data is fed into a system that generates new cryptograms, which can then be used for in-store purchases without the victim company detecting anything.

GHOST transactions are a new method of obtaining information from the PoS system. The PoS software itself is often vulnerable, and these transactions allow a thief to access card information without detection.

A cybercriminal can move money through their bogus point-of-sale device, which sends the transaction data back to a command-and-control (C2) server.

EMV chip cards generate a cryptogram to secure cardholder data every time a transaction is made, which reduces the risk of counterfeit transactions.

Previous versions of Prilex captured EMV cryptograms to conduct replay attacks. The GHOST attack instead requests new EMV cryptograms, which are then used to complete the rogue transactions.
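To make that contrast concrete, here is an added Python example (not from the article or from Kaspersky’s report) of a simplified issuer-side replay check: a captured authorization replayed verbatim is declined because its cryptogram and Application Transaction Counter (ATC) repeat, while a freshly generated cryptogram of the GHOST kind passes the same check. The cryptogram is a toy HMAC stand-in, and the card number, key and ATC handling are constructed assumptions, not details from the page.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed test values for the example; not real card data or keys.
PAN = "4111111111111111"
CARD_KEY = b"constructed-per-card-key"

def chip_cryptogram(key: bytes, pan: str, atc: int) -> bytes:
    """Toy stand-in for the chip's ARQC: a MAC over card number and ATC."""
    return hmac.new(key, f"{pan}|{atc}".encode(), hashlib.sha256).digest()[:8]

@dataclass
class AuthRequest:
    pan: str
    atc: int           # Application Transaction Counter reported by the chip
    cryptogram: bytes  # cryptogram that travels with the authorization

class IssuerHost:
    """Simplified issuer host: verify the cryptogram, then reject replays."""

    def __init__(self, card_keys):
        self.card_keys = card_keys   # pan -> per-card key shared with the chip
        self.seen = set()            # (pan, cryptogram) pairs already approved
        self.last_atc = {}           # pan -> highest ATC approved so far

    def authorize(self, req: AuthRequest) -> str:
        key = self.card_keys.get(req.pan)
        if key is None:
            return "DECLINE: unknown card"
        if not hmac.compare_digest(chip_cryptogram(key, req.pan, req.atc), req.cryptogram):
            return "DECLINE: cryptogram mismatch"
        # Captured traffic replayed verbatim repeats both the cryptogram and the ATC.
        if (req.pan, req.cryptogram) in self.seen or req.atc <= self.last_atc.get(req.pan, -1):
            return "DECLINE: replayed or out-of-sequence"
        self.seen.add((req.pan, req.cryptogram))
        self.last_atc[req.pan] = req.atc
        return "APPROVE"

def demo() -> list:
    """Run the scenarios the article contrasts and return the outcomes."""
    host = IssuerHost({PAN: CARD_KEY})
    legit = AuthRequest(PAN, 7, chip_cryptogram(CARD_KEY, PAN, 7))
    first = host.authorize(legit)    # genuine purchase: APPROVE
    replay = host.authorize(legit)   # same captured traffic again: DECLINE
    # A freshly generated cryptogram (the GHOST case) is indistinguishable
    # from a genuine one here, so replay detection alone does not stop it.
    fresh = AuthRequest(PAN, 8, chip_cryptogram(CARD_KEY, PAN, 8))
    return [first, replay, host.authorize(fresh)]
```

The third outcome is the point for defenders: controls that only look for repeated cryptograms must be complemented by monitoring of the PoS and PIN pad themselves.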

The malware also contains a backdoor module. It is flexible and can be used to debug the PoS software, make changes on the fly as needed, or terminate processes.

Prilex also compromises PIN pad hardware to attack credit cards. The attackers subvert the chip-and-PIN flow to generate cryptograms for their GHOST transactions, even from cards protected by chip and PIN.
