A piece of malware (malicious software) that emerged in 2016 targeting ATMs, and migrated in 2018 to credit card fraud, is back. With the popularization of contactless payments, the new version of Prilex now uses this form of payment to carry out fraud and scams in Brazil.
How the virus works
As if the concerns of everyday Brazilian life were not enough, a new version of an old virus has put cybersecurity authorities in Brazil on alert over card fraud.
Designed to target cards, Prilex is in circulation again. This time the operation is so sneaky that it can fool anyone making a simple purchase.

Contactless payment has become hugely popular because of the practicality it offers. Practical and quite safe, the method itself carries few risks (find out how to protect yourself when paying by contactless and avoid card fraud), thanks to the unique identifier that each person has, which means that even if the information is copied, it is of no use.
Now imagine that you are in a shop making a purchase of any kind in the day-to-day rush, and when you tap the card, the following message appears on the machine: “ERROR APPROXIMATION (sic) INSERT THE CARD”.
It is very unlikely that any of us would naturally think we are being victims of a scam, and the automatic reaction, so that we can complete the purchase and carry on with the day, is probably to do what was requested: insert the card. This is where the malware gains access to the data and the scam is carried out.

The current version of the virus gives scammers several possibilities, such as filtering the cloned cards and using only "Black" or corporate cards, which have higher limits.
The group does not operate in bakeries and supermarkets. It prefers to focus the virus on environments where larger sums circulate, and the operation is well organized and aimed at high values.
“Prilex is a highly targeted hit. The group goes around the establishment to assess its movement; if the target is interesting, they will make telephone contact or even send a false technician to ‘update’ the system. The ultimate goal is to install a legitimate program to allow the group remote access and the remote installation of Prilex.”
Fabio Assolini, director of Kaspersky's Global Research and Analysis Team (GReAT) in Latin America.
The Origin of Prilex
In 2016, in the middle of Carnival, a bank here in Brazil realized that the ATMs had been hacked and the money inside them looted. Reports showed that the attack had infected more than 1,000 machines and more than 28,000 credit cards across the country.
The malware used in this attack was designed from the ground up and named Prilex. Later, in 2018, another version of the virus surfaced, and this time the focus was already on cards.
In this version, the virus infected the machine and created a connection with a scammer's computer. From then on, when a transaction took place, the data was sent to the scammer's machine, and the card machine then issued an error, forcing the victim to confirm the purchase again, this time with the data flowing normally.
Contactless payment enters the radar of scammers
Contactless payment, whether by smartphone, card or other means, has won over the market, and obviously scammers would soon think of ways to get around the security that this payment format offers.
This evolution of Prilex is a new form of card fraud that is already being studied by the authorities. Until further news arrives and those responsible are arrested, the best way to avoid falling for such a scam is to pay extra attention to any type of payment of a higher amount.
Sources: Securelist, Kaspersky Daily