Comments on: Prilex modification now targeting contactless credit card transactions

By: Securelist

Securelist — Mon, 27 Feb 2023 14:51:54 +0000

In reply to Jay. Hi Jay! We know Prilex threat actors are ready to expand worldwide. The modular malware allows them to add compatibility with any PoS systems. Other security companies reported attacks from Prilex on USA and other markets, so for us will not be surprise to find them targeting these systems as well.

By: Jay

Jay — Mon, 20 Feb 2023 23:40:46 +0000

an article here https://www.redpacketsecurity.com/prilex-the-pricey-prickle-credit-card-complex/ says that the initial infection vector is the POS system. Prolix uses a patch in the PoS system libraries, allowing the malware to collect data transmitted by the software. They have a bad actor call the manager pretending to be with the POS vendor, saying they need emergency access. So training can mitigate this.

This was mostly in Brazilian POS systems which were similar to Brazillian ATM systems. This article was from 5 months ago. Has Prilex graduated to Europe, US or other major markets and major vendors (eg Oracle, Agilisys, Transact)?

By: Securelist

Securelist — Fri, 10 Feb 2023 09:47:59 +0000

In reply to denis. Hi Denis! The files were collected from a customer during incident response after an attack, that's why we can't share the hashes.

By: denis

denis — Thu, 09 Feb 2023 02:47:35 +0000

Is there a reason it doesn’t show md5?

By: Securelist

Securelist — Mon, 06 Feb 2023 14:54:50 +0000

In reply to Tomasz.

Hi Tomasz!

The confirmation message is usually displayed on the PINpad device – but this is configurable, depends on the system and how its configured. To make it more clear, we’ve changed the wording a bit.

By: Tomasz

Tomasz — Fri, 03 Feb 2023 09:01:54 +0000

The last point in your description of contactless transaction seems incorrect. The terminal does not send a confirmation message to the cardholder. If you use a physical card, there is no way the confirmation is displayed 🙂