This new POS malware can totally bypass your card security
A notorious point of sale (PoS) malware has resurfaced after a year-long hiatus and is now more dangerous than ever, researchers say.
Experts at Kaspersky claim to have seen three new versions of the Prilex malware, which now comes with advanced features that allow it to bypass today’s fraud blockers.
Kaspersky says Prilex can now generate EMV cryptograms, a feature Visa introduced three years ago to validate transactions and prevent fraudulent payments.
Skilled Opponents
EMV is the standard used by Europay, MasterCard and Visa (hence the name). By generating EMV cryptograms, threat actors can perform “GHOST transactions” even with cards protected by chip and PIN technologies.
“In GHOST attacks performed by the newer versions of Prilex, it asks for new EMV cryptograms after the transaction is logged,” Kaspersky said.
In addition, Prilex, which was first noticed as ATM-only malware in 2014 and switched to PoS two years later, also comes with certain backdoor functions, such as executing code, ending processes, editing the registry and taking screenshots.
“The Prilex group has demonstrated a high level of knowledge about credit and debit card transactions and how software used for payment processing works,” added Kaspersky. “This allows attackers to keep updating their tools to find a way to circumvent the authorization policy so that they can carry out their attacks.”
Installing malware on PoS endpoints, however, is not that simple. Threat actors either need physical access to the device or must trick victims into installing the malware themselves. The attackers would usually pose as technicians from the PoS vendor, Kaspersky said, claiming that the device’s software/firmware needs to be updated.
Once the malware is installed, the threat actors would check the transactions to see if there is enough volume to be worth their time.
Via: BleepingComputer