Skip to main content

POS malware evolves to target chip and PIN-protected cards

(Image credit: Image Credit: 3112014 / Pixabay)

As the adoption of chip and PIN-protected cards has spread globally over the last decade, cybercriminals have taken notice and adapted the Prilex point-of-sale (POS) malware to turn stolen credit card data into real functional plastic cards. 

While monitoring financial cybercrime in Latin America, researchers at Kaspersky Lab discovered that the Prilex malware, that has been active since 2014, has evolved to target the latest security measures created by banks and credit card companies.

Originally the malware was used to hack ATMs and POS systems created by Brazilian vendors.  Cybercriminals have now taken things a step further by using the stolen credit card data acquired from these hacks to create functional plastic cards that can be used online or even in person. 

Due to a faulty implementation of the EMV standard in Brazil that does not verify all of the data used in the approval process, these cloned cards work on any POS system in the country. 

The Prilex malware is made up of three parts: the malware used to modify a POS system to steal credit card information, a server where the stolen information is stored and a user application that can view, clone and save card information.  However, Kaspersky noted that this is the first time where cybercriminals have offered an all-in-one fraud package that even includes a simple and friendly user interface. 

Security analyst at Kaspersky Lab, Thiago Margues offered further details on how cybercriminals are utilising the Prilex malware in a completely new way, saying: 

“We are dealing here with a completely new malware, one that offers attackers everything from a graphic user interface to well-designed modules that can be used to create different credit card structures. Chip and PIN technology is still relatively new in some parts of the world, such as the U.S., and people may lack awareness of the risk of credit card cloning and abuse. In Brazil, the evolved Prilex malware takes advantage of a faulty implementation of the industry standards – highlighting the importance of developing secure, future proof standards for payment technologies,”

Image Credit: 3112014 / Pixabay 

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.