"Upgraded Prilex Point-Of-Sale Malware Bypasses Credit Card Security"

This year, security analysts have discovered three new versions of Prilex, malware that targets point-of-sale (PoS) devices, indicating that its authors and operators are back in business. Prilex began as ATM-focused malware in 2014 before shifting to PoS devices in 2016. Its development and distribution peaked in 2020, and it then vanished in 2021. Analysts now report that Prilex has returned to the market, and last year's operational pause appears to have been a break to focus on developing a more sophisticated and potent version. The most recent version can generate Europay, MasterCard, and Visa (EMV) cryptograms, which Visa introduced in 2019 as a transaction validation system to help detect and block payment fraud. EMV cryptograms are encrypted messages between the card and the reader that contain transaction details; by using them, threat actors can perform 'GHOST transactions' even with credit cards protected by chip-and-PIN technology. After capturing a transaction, the GHOST attacks performed by newer versions of Prilex request new EMV cryptograms to be used in fraudulent transactions. The new Prilex version also adds a backdoor for communication, a stealer for intercepting all data exchanges, and an uploader module for exfiltration. The backdoor supports file actions, command execution, process termination, registry modification, screen capturing, and more. This article continues to discuss the new versions of Prilex PoS-targeting malware.

Bleeping Computer reports "Upgraded Prilex Point-Of-Sale Malware Bypasses Credit Card Security"

Submitted by Anonymous on