Prilex Malware can Steal Credit Cards at Checkout - Here

While mobile wallets and contactless credit cards have made paying for goods at the register easier than ever, hackers have devised new ways to exploit payment systems that enable these features for unsuspecting shoppers.

According to a new press release from cybersecurity firm Kaspersky, researchers at the firm have discovered a new variant of the point-of-sale (POS) malware Prilex that allows contactless near field communication (NFC) transactions to be blocked.

The cybercriminals behind Prilex began by targeting ATMs, but they are now upgrading the malware to launch attacks during checkout against POS systems such as those found at coffee shops, gas stations, convenience stores, and other businesses.

Unlike other malware that infects users online, Prilex can now steal credit card information in the real world, where people rarely expect to be victims of cybercrime.

The cybercriminals behind Prilex can conduct "GHOST" attacks of credit card fraud by deploying malware on vulnerable POS systems. Unfortunately, even credit cards protected by CHIP and PIN technology, which were thought to be unhackable, are at risk.

After responding to an incident involving one of their customers, researchers at Kaspersky discovered three new modifications to the Prilex malware that allow it to block contactless payment transactions.

Normally, when using a contactless credit card, a simple tap is all it takes to make a payment, but Prilex now blocks these transactions using a rules-based file that tells the malware whether to retrieve credit card information. Since NFC-based transactions create a unique card number that is only valid for one transaction, Prilex detects and blocks them. When this happens, a message appears on the POS system indicating that a "contactless error" has occurred and the shopper is prompted to insert or swipe a credit card instead.

Once a potential victim is forced to use their card, Prilex is able to retrieve all data from that transaction. However, the malware can also filter based on the type of credit card. This allows it to capture black and corporate cards with high transaction limits and ignore cards with low limits.
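For merchants, the pattern described above (a contactless error followed shortly by an inserted or swiped card on the same terminal) can be watched for in terminal event logs. The following is an added example, not code from Kaspersky or the original article; the log format, event names, time window, and thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format: timestamp terminal event
SAMPLE_LOG = """\
2023-02-01T09:00:05 T1 NFC_OK
2023-02-01T09:03:10 T1 NFC_ERROR
2023-02-01T09:03:40 T1 CHIP_OK
2023-02-01T09:07:00 T1 NFC_OK
2023-02-01T09:11:30 T1 NFC_OK
2023-02-01T09:01:00 T2 NFC_ERROR
2023-02-01T09:01:25 T2 CHIP_OK
2023-02-01T09:04:00 T2 NFC_ERROR
2023-02-01T09:04:20 T2 CHIP_OK
2023-02-01T09:08:00 T2 NFC_ERROR
2023-02-01T09:08:45 T2 SWIPE_OK
2023-02-01T09:12:00 T2 NFC_ERROR
2023-02-01T09:12:30 T2 CHIP_OK
"""
FALLBACK_WINDOW = timedelta(seconds=90)  # assumed max gap between error and re-read

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, terminal, event = line.split()
            yield datetime.fromisoformat(ts), terminal, event

def fallback_stats(log):
    """Per terminal: (contactless errors followed by chip/swipe, contactless attempts)."""
    attempts, forced, pending = defaultdict(int), defaultdict(int), {}
    for ts, terminal, event in sorted(parse(log)):
        if event in ("NFC_OK", "NFC_ERROR"):
            attempts[terminal] += 1
            if event == "NFC_ERROR":
                pending[terminal] = ts          # remember the unresolved error
            else:
                pending.pop(terminal, None)
        elif event in ("CHIP_OK", "SWIPE_OK"):
            failed_at = pending.pop(terminal, None)
            if failed_at is not None and ts - failed_at <= FALLBACK_WINDOW:
                forced[terminal] += 1
    return {t: (forced[t], attempts[t]) for t in attempts}

def suspicious_terminals(log, min_attempts=4, threshold=0.8):
    """Terminals where nearly every tap fails and is followed by a contact read."""
    return sorted(t for t, (f, a) in fallback_stats(log).items()
                  if a >= min_attempts and f / a >= threshold)

if __name__ == "__main__":
    print(fallback_stats(SAMPLE_LOG), suspicious_terminals(SAMPLE_LOG))
```

A terminal flagged this way is only a candidate for inspection, since a faulty NFC reader produces the same signal.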

Once the cybercriminals behind Prilex have the victim's credit card information, they can commit credit card fraud or attempt to steal the victim's identity.

While the best antivirus software can help protect against online threats, protecting yourself in the real world is a bit different, especially if you are used to being able to safely use your credit card at checkout.

To keep yourself safe from Prilex malware, you want to be especially careful if you get a "contactless error" after trying to tap a payment using your credit card. In such cases, it is better to use cash if you have it, but if you want to be extra careful, you can cancel the transaction altogether. It is also worth noting that this malware does not affect mobile wallets, so it is better to use Apple Pay, Google Pay, or Samsung Pay instead of a physical credit card.

Identity theft prevention provider Aura, in a blog post, recommends using chip readers whenever possible, as they are safer than tap to pay. At the same time, one should consider using one card to pay bills and another for routine transactions. This way you will know if your credit card information was stolen in a physical location rather than online.

The cybercriminals behind Prilex have been active since at least 2014, and unless they are apprehended by law enforcement, they and their POS malware will continue to be a threat to watch for.
