• This new POS malware can totally bypass your card security

    From TechnologyDaily@1337:1/100 to All on Thu Sep 29 18:30:03 2022
    This new POS malware can totally bypass your card security

    Date:
    Thu, 29 Sep 2022 17:03:39 +0000

    Description:
    Prilex is back with new tools to help it bypass security protections and hack your card.

    FULL STORY ======================================================================

    A notorious Point of Sale (PoS) malware has re-emerged after a year-long hiatus, and is now more dangerous than ever before, researchers have claimed.

    Experts at Kaspersky claim to have seen three new versions of the Prilex malware, which now comes with advanced features helping it bypass contemporary fraud blockers.

    Kaspersky says that Prilex can now generate EMV cryptograms, a feature Visa introduced three years ago as a means of validating transactions and preventing fraudulent payments.

    Skilled adversaries

    EMV is in use by Europay, MasterCard, and Visa (hence the name EMV), and what's more, threat actors can use the EMV cryptogram to run GHOST transactions, even with the cards protected by CHIP and PIN technologies.

    "In GHOST attacks performed by the newer versions of Prilex, it requests new EMV cryptograms after capturing the transaction," which are then used in transactions, Kaspersky said.

    Furthermore, Prilex, which was first spotted in 2014 as an ATM-only malware, and switched to PoS two years later, comes with certain backdoor features, as well, such as running code, terminating processes, editing the registry, grabbing screenshots, etc.

    "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky added. "This enables the attackers to keep updating their tools in order to find a way to circumvent the authorization policies, allowing them to perform their attacks."

    Getting malware installed on PoS endpoints is not as easy, though. Threat actors either need physical access to the device, or they need to trick the victims into installing the malware themselves. The attackers would usually impersonate technicians from the PoS vendor, Kaspersky said, and claim that the device needs its software/firmware updated.

    Once the malware is installed, the threat actors would monitor the transactions to see if there is enough volume to be worth their time.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-new-pos-malware-can-totally-bypass-your-card-security/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)