Warning over new banking scam and malware targeting tap-to-pay

4 Feb 2023

International cybersecurity firm Kaspersky has uncovered a new malware, Prilex, that can block contactless near-field transactions on hacked point-of-sale (POS) terminals.

This, in turn, forces the customer to use their physical credit cards, enabling cybercriminals to steal money, said Kaspersky.

While the malware and scam are most active in Latin America, the security firm said that the expansion of Prilex into Africa, the Middle East, and Turkey is possible in the coming months.

According to Kaspersky, Prilex has evolved from previous malware targeting ATMs and is now the most advanced threat to POS systems.

The malware can perform credit card fraud even on cards that are protected with purportedly unhackable chips or PIN technology.

Kaspersky said it had uncovered three new modifications that now block contactless payment transactions, which became very popular during and after the pandemic.

“Contactless payment systems such as credit and debit cards, key fobs, and other smart devices, including mobile devices, have traditionally featured radio-frequency identification (RFID).”

“More recently, Samsung Pay, Apple Pay, Google Pay, Fitbit Pay and mobile bank applications have implemented near-field communication (NFC) technologies to support secure contactless transactions.”

Kaspersky said that contactless credit cards offer a convenient and secure way to make payments without the need to physically touch, insert or swipe the card. However, Prilex has learned to block such transactions by implementing a rule-based file that specifies whether or not to capture credit card information and an option to block NFC-based transactions.

NFC-based transactions generate a unique card number valid for only one transaction, so data captured from them cannot be reused. If Prilex detects an NFC-based transaction and blocks it, the PIN pad will show a message stating, “Error, insert card.”

The cybercriminal’s goal is to force the victim to use their physical card by inserting it into the PIN pad reader, so the malware can capture data coming from the transaction, said Kaspersky.
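
The pattern described above (a tap that errors, followed shortly by a card insertion on the same terminal) can be looked for in POS transaction logs. The following sketch is an added example, not code from Kaspersky or any POS vendor; the log format, terminal IDs, time window and thresholds are assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, terminal_id, entry_mode, result
SAMPLE_LOG = """\
2023-02-04T10:00:05,T-01,contactless,approved
2023-02-04T10:03:10,T-01,contactless,approved
2023-02-04T10:07:00,T-01,contactless,error
2023-02-04T10:07:20,T-01,chip,approved
2023-02-04T10:12:00,T-01,contactless,approved
2023-02-04T10:01:00,T-02,contactless,error
2023-02-04T10:01:25,T-02,chip,approved
2023-02-04T10:06:00,T-02,contactless,error
2023-02-04T10:06:30,T-02,chip,approved
2023-02-04T10:11:00,T-02,contactless,error
2023-02-04T10:11:40,T-02,chip,approved
2023-02-04T10:18:00,T-02,contactless,error
2023-02-04T10:18:20,T-02,chip,approved
2023-02-04T10:02:00,T-03,contactless,error
2023-02-04T10:02:30,T-03,chip,approved
2023-02-04T10:09:00,T-03,contactless,error
2023-02-04T10:09:15,T-03,chip,approved
"""
FALLBACK_WINDOW = timedelta(seconds=90)  # assumed time for a customer to insert the card

def forced_fallback_stats(log_text):
    """Per terminal: (contactless attempts, attempts that errored then fell back to chip)."""
    events = defaultdict(list)
    for ts, term, mode, result in csv.reader(io.StringIO(log_text)):
        events[term].append((datetime.fromisoformat(ts), mode, result))
    stats = {}
    for term, evs in events.items():
        evs.sort()
        taps = forced = 0
        # Pair each event with the next one seen on the same terminal.
        for (ts, mode, result), nxt in zip(evs, evs[1:] + [None]):
            if mode != "contactless":
                continue
            taps += 1
            if (result == "error" and nxt and nxt[1] == "chip"
                    and nxt[0] - ts <= FALLBACK_WINDOW):
                forced += 1
        stats[term] = (taps, forced)
    return stats

def suspicious_terminals(log_text, min_taps=4, ratio=0.8):
    """Terminals where nearly every tap fails and is followed by a card insertion."""
    return sorted(t for t, (taps, forced) in forced_fallback_stats(log_text).items()
                  if taps >= min_taps and forced / taps >= ratio)
```

On the sample data only T-02 is flagged: T-01 shows an occasional fallback among working taps, and T-03 has too few attempts to judge. A flagged terminal is a lead for investigation, since a faulty NFC reader produces the same pattern.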

The new malware can even pick up what type of bank account a card is connected to and whether it has a high transaction limit, such as business or professional private banking cards.

The power of the malware can be seen in the example of the Rio carnival in 2016.

According to Kaspersky, during the event, a bad actor cloned more than 28,000 credit cards and drained over 1,000 ATMs in Brazil’s banks.

The same method was spotted in Germany (2019) when a criminal gang cloned Mastercard debit cards issued by German bank OLB and withdrew more than €1.5 million from around 2,000 customers.

