While mobile wallets and contactless credit cards have made paying for goods at the register easier than ever, hackers have devised new ways to exploit the payment systems that enable these features, at the expense of unsuspecting shoppers.
According to a new press release from cybersecurity firm Kaspersky, researchers at the firm have discovered a new variant of the point-of-sale (POS) malware Prilex that allows contactless near field communication (NFC) transactions to be blocked.
The cybercriminals behind Prilex began by targeting ATMs, but they are now upgrading the malware to launch attacks against POS systems such as those found at coffee shops, gas stations, convenience stores, and other businesses during checkout.
Unlike other malware that infects users online, Prilex can now steal credit card information in the real world, where people rarely expect to be victims of cybercrime.
The cybercriminals behind Prilex can conduct "GHOST" credit card fraud attacks by deploying the malware on vulnerable POS systems. Unfortunately, even credit cards protected by chip and PIN technology, which were thought to be unhackable, are at risk.
After responding to an incident involving one of their customers, researchers at Kaspersky discovered three new modifications to the Prilex malware that allow it to block contactless payment transactions.
Normally, when using a contactless credit card, a simple tap is all it takes to make a payment, but Prilex now blocks these transactions using a rules-based file that tells the malware whether or not to capture credit card information. Since NFC-based transactions generate a unique card number that is valid for only one transaction, Prilex detects these transactions and blocks them. When this happens, a message appears on the POS system indicating that a "contactless error" has occurred, and the shopper is prompted to insert or swipe a credit card instead.
Once a potential victim is forced to insert or swipe their card, Prilex is able to capture all data from that transaction. However, the malware can also filter based on the type of credit card. This allows it to capture black and corporate cards with high transaction limits and ignore cards with low limits.
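From the merchant side, the forced fallback described above leaves a pattern in terminal logs: a contactless error followed shortly by a chip or swipe payment on the same terminal. The following is an added example, not code from Kaspersky or the original article; the log fields, sample events and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (terminal_id, timestamp, entry_mode, result).
# The schema and values are assumptions, not a real POS log format.
SAMPLE_EVENTS = [
    ("T01", "2023-02-01T09:00:05", "nfc", "ok"), ("T02", "2023-02-01T09:01:00", "nfc", "nfc_error"),
    ("T02", "2023-02-01T09:01:30", "chip", "ok"), ("T03", "2023-02-01T09:02:00", "nfc", "nfc_error"),
    ("T03", "2023-02-01T09:02:30", "chip", "ok"), ("T01", "2023-02-01T09:03:10", "nfc", "ok"),
    ("T02", "2023-02-01T09:05:00", "nfc", "nfc_error"), ("T02", "2023-02-01T09:05:45", "swipe", "ok"),
    ("T01", "2023-02-01T09:07:00", "nfc", "nfc_error"), ("T01", "2023-02-01T09:07:40", "chip", "ok"),
    ("T02", "2023-02-01T09:09:00", "nfc", "ok"), ("T01", "2023-02-01T09:12:00", "nfc", "ok"),
    ("T02", "2023-02-01T09:14:00", "nfc", "nfc_error"), ("T02", "2023-02-01T09:14:50", "chip", "ok"),
]

FALLBACK_WINDOW = timedelta(seconds=90)  # assumed: insert/swipe retry soon after the error
MIN_TAPS = 4                             # assumed: skip terminals with too few taps to judge
MAX_FALLBACK_RATE = 0.5                  # assumed alert threshold


def forced_fallback_rates(events):
    """Per terminal: (tap count, share of taps that errored and were followed
    by a chip or swipe payment on the same terminal within the window)."""
    by_terminal = defaultdict(list)
    for terminal, ts, mode, result in events:
        by_terminal[terminal].append((datetime.fromisoformat(ts), mode, result))
    rates = {}
    for terminal, rows in by_terminal.items():
        rows.sort(key=lambda r: r[0])
        taps = fallbacks = 0
        for i, (ts, mode, result) in enumerate(rows):
            if mode != "nfc":
                continue
            taps += 1
            nxt = rows[i + 1] if i + 1 < len(rows) else None
            if (result == "nfc_error" and nxt is not None
                    and nxt[1] in ("chip", "swipe") and nxt[0] - ts <= FALLBACK_WINDOW):
                fallbacks += 1
        rates[terminal] = (taps, fallbacks / taps if taps else 0.0)
    return rates


def suspicious_terminals(events):
    """Terminals with enough taps and a forced-fallback rate above the threshold."""
    return sorted(t for t, (taps, rate) in forced_fallback_rates(events).items()
                  if taps >= MIN_TAPS and rate > MAX_FALLBACK_RATE)
```

A high rate is only a prompt to inspect the terminal, since a faulty NFC reader produces the same pattern.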
Once the cybercriminals behind Prilex have the victim's credit card information, they can commit credit card fraud or attempt to steal the victim's identity.
While the best antivirus software can help protect against online threats, protecting yourself in the real world is a bit different, especially if you are used to being able to safely use your credit card at checkout.
To keep yourself safe from Prilex malware, be especially careful if you get a "contactless error" after trying to tap to pay with your credit card. In such cases, it is better to use cash if you have it, but if you want to be extra careful, you can cancel the transaction altogether. It is also worth noting that this malware does not affect mobile wallets, so it is better to use Apple Pay, Google Pay, or Samsung Pay instead of a physical credit card.
Identity theft prevention provider Aura, in a blog post, recommends using chip readers whenever possible, as they are safer than tap to pay. At the same time, one should consider using one card to pay bills and another for routine transactions. This way you will know if your credit card information was stolen in a physical location rather than online.
The cybercriminals behind Prilex have been active since at least 2014, and unless they are apprehended by law enforcement, they and their POS malware will continue to be a threat to watch for.