Kaspersky Lab cybersecurity experts have discovered a new version of the Prilex point-of-sale (PoS) malware that has been enhanced to target transactions using NFC technology and is believed to be the most advanced PoS threat to date.

The Prilex malware is a modular piece of code that uses a unique cryptographic scheme and is capable of various forms of credit card fraud.

One of the most recent versions of the malware, discovered in November 2022, was found to have a rule-based file that specifies when to capture credit card information and when to block NFC-based transactions. The malware can disable the contactless payment feature to force the user to insert the card into the PIN pad. This allows the malware to capture the transaction data using techniques such as cryptogram manipulation and GHOST attacks.

The new version of Prilex can also filter credit cards by segment and create different rules for each segment. For example, the malware can be programmed to block NFC-based transactions only if the card is a black/infinite, corporate or other tier with a high transaction limit.