Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat they have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks.
Prilex goes beyond these, and it has evolved very differently. This is highly advanced malware adopting a unique cryptographic scheme, doing real-time patching in target software, forcing protocol downgrades, manipulating cryptograms, doing GHOST transactions and performing credit card fraud—even on cards protected with the so-called unhackable CHIP and PIN technology. And now, Prilex has gone even further.
A frequent question asked about this threat was whether Prilex was able to capture data coming from NFC-enabled credit cards. During a recent Incident Response for a customer hit by Prilex, Kaspersky was able to uncover three new Prilex versions capable of blocking contactless payment transactions, which became very popular in the pandemic times.
