New advanced malware exploited in re-emerging Prilex attacks

The Hacker News reports that Brazilian threat actor Prilex has resurfaced in new attacks that use advanced point-of-sale (PoS) malware, whereas its activity before a one-year hiatus had centred on ATM-focused malware. Although Prilex has also demonstrated EMV replay attacks, Kaspersky researchers observed the group shifting to a new approach based on "GHOST" transactions: the malware captures the communications between the PoS software and the PIN pad in order to harvest card data, which is sent to a command-and-control server and can then be used to carry out fraudulent transactions. According to Kaspersky, Prilex has also extended the malware with a backdoor module that, besides debugging PoS software behaviour, supports process termination, screen capture, arbitrary file download and command execution.

“[The Prilex malware can] deal directly with the PINpad hardware protocol instead of using higher-level APIs, perform real-time patching in target software, hook OS libraries, mess with responses, communications, and ports, and move from a replay-based attack to generate cryptograms for its GHOST transactions even from credit cards protected by CHIP and PIN technology,” the researchers added.