POS Malware ‘Prilex’ Targeting Chip & Pin-Protected Payment Cards

 

Malware researchers have recently discovered a new point-of-sale malware named Prilex which has been used by the criminal hackers in order to steal payment card information or even money from Brazilian ATMs and retailers. This time, the malware comes as a comprehensive tool that has the ability to steal data from Pin-protected and chip card to create a fraudulent but a functioning plastic cards. According to the press release of a security firm, researchers have identified a full suite of a tool called Prilex Trojan responsible for carrying out malicious banking fraud.

Although, the fake payment cards generated by criminal hackers behind Prilex virus can work on any POS machines of Brazil. It generally happens due to the faulty implementation of EMV standard where the payment operators failed to validate all the required information before approving any transactions. Hence, this open the backdoor for Prilex operators to install a harmful Java-based program in the form of altered CAP file to the duplicate chip payment cards. This malicious activity forces the POS systems to automatically accept the validation of PIN and then bypass any other important validation processes.

Typically, with the help of Prilex Trojan, cyber criminals can infect retailers, such as gas stations and super markets through bogus tech support sessions operated remotely by the hackers. During this session, racketeers masks themselves as a IT specialists who claims to resolve any issues on the system remotely. However, they does nothing good in the network servers, instead install a dangerous malware. Talking about the working algorithm of Prilex virus, it actually changes the POS systems, intercepts the information of payment cards, store captured data related to payment card onto a remote server and deploy an application with an attractive interface that can be used by the hackers to view statistics of their vicious attacks.

Related Article: ATM Malware ‘Ploutus’ Controlled By a Text Message & Spews Cash

The newly discovered functionality of this Prilex malware allows con artists to overwrite the libraries of an infected POS system so that they can gather payment card data. The stolen details is then sold by the hackers on black market by offering a tool named ‘Daphne‘ to their customers for managing these informations and using the data to clone credit and debit cards. In addition to that, the main reason behind installing a JavaCard applet into the chip of fake smart cards developed by Prilex fraudsters to mislead POS system into bypassing the faulty validation process. In order to replace the Payment System Environment (PSE), GPShell sends malicious commands just by deleting the real one and installing a harmful counterpart. As a result, bogus smart cards needs the stolen data to be written and will be ready to use on any POS devices.