Comments on: Prilex modification now targeting contactless credit card transactions
https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/

By: Securelist https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/#comment-3533420 Mon, 27 Feb 2023 14:51:54 +0000

In reply to Jay.

Hi Jay!

We know Prilex threat actors are ready to expand worldwide. The modular malware allows them to add compatibility with any PoS systems. Other security companies reported attacks from Prilex on the USA and other markets, so for us it will not be a surprise to find them targeting these systems as well.

By: Jay https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/#comment-3533317 Mon, 20 Feb 2023 23:40:46 +0000

An article here https://www.redpacketsecurity.com/prilex-the-pricey-prickle-credit-card-complex/ says that the initial infection vector is the POS system. Prilex uses a patch in the PoS system libraries, allowing the malware to collect data transmitted by the software. They have a bad actor call the manager pretending to be with the POS vendor, saying they need emergency access. So training can mitigate this.

This was mostly in Brazilian POS systems which were similar to Brazilian ATM systems. This article was from 5 months ago. Has Prilex graduated to Europe, US or other major markets and major vendors (e.g. Oracle, Agilisys, Transact)?

By: Securelist https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/#comment-3533177 Fri, 10 Feb 2023 09:47:59 +0000

In reply to denis.

Hi Denis!

The files were collected from a customer during incident response after an attack; that’s why we can’t share the hashes.

By: denis https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/#comment-3533157 Thu, 09 Feb 2023 02:47:35 +0000

Is there a reason it doesn’t show md5?

By: Securelist https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/#comment-3533117 Mon, 06 Feb 2023 14:54:50 +0000

In reply to Tomasz.

Hi Tomasz!

The confirmation message is usually displayed on the PINpad device – but this is configurable and depends on the system and how it’s configured. To make it clearer, we’ve changed the wording a bit.

By: Tomasz https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/#comment-3533072 Fri, 03 Feb 2023 09:01:54 +0000

The last point in your description of contactless transaction seems incorrect. The terminal does not send a confirmation message to the cardholder. If you use a physical card, there is no way the confirmation is displayed 🙂
