POS malware targets chip and PIN cards

By Staff Writer, ITWeb
Johannesburg, 19 Mar 2018

Researchers from Kaspersky Lab have discovered that the cyber criminal group behind the Prilex point-of-sale (POS) malware now has the ability to turn stolen credit card data into functional plastic cards.

'Smart' chip and PIN technology has been widely used around the world to protect payment cards over the past ten years, and its growing popularity has attracted attackers.

Prilex has been active in South America since 2014, and has evolved, shifting its efforts from ATM hacks to attacks on POS systems developed by Brazilian vendors. It is now using stolen credit card information to create functional plastic cards.

This will allow crooks to perform fraudulent transactions in online and physical shops. "This is the first time that the researchers have seen in the wild such a full suite of tools for carrying out fraud. The cloned credit card works in any point-of-sale system in Brazil due to a faulty implementation of the EMV standard that means not all data is verified during the approval process," says Kaspersky Lab.

How it works

Prilex malware is made up of three components: malware that modifies the POS system and intercepts the credit card information, a server to manage the illegally obtained information, and finally an application that the malware 'client' can use to view, clone or save statistics related to the cards.

"This is the most notable feature of the malware: its associated business model, where all the users' needs are taken into account, including the need for a simple and friendly user interface," adds Kaspersky.

Research shows that Prilex is distributed through the traditional postal service, with victims convinced to grant the criminals computer access for a remote support session, which is then used to install the malware. The majority of victims tend to be traditional shops, such as petrol stations, supermarkets and typical retail markets.

Thiago Marques, security analyst at Kaspersky Lab, says Prilex offers attackers everything from a graphical user interface to well-designed modules that can be used to create different credit card structures.

Chip and PIN technology is still relatively new in some parts of the world, such as the US, and many people are not aware of the risk of credit card cloning and abuse.

In Brazil, Prilex has been able to take advantage of a faulty implementation of the industry standards, emphasising the importance of developing secure, future-proof standards for payment technologies, he added.
