Prilex

Description

(Kaspersky) While researching malware for ATM jackpotting used by a Brazilian group called Prilex, our researchers stumbled upon a modified version of this malware with some additional features that was used to infect point-of-service (POS) terminals and collect card data.

This malware was capable of modifying POS software to allow a third party to capture the data transmitted by a POS to a bank. That’s how the crooks obtained the card data. Basically, when you pay at a local shop whose POS terminal is infected, your card data is transferred right away to the criminals.

However, having the card data is just half the battle; to steal money, they also needed to be able to clone cards, a process made more complicated by the chips and their multiple authentications.

The Prilex group developed a whole infrastructure that lets its “customers” create cloned cards — which in theory shouldn’t be possible.

Names

Name
Prilex

Category

Malware

Type

  • ATM malware
  • POS malware
  • Credential stealer

Information

Malpedia

Other Information

UUID

82a835f9-02b1-47fb-b2ec-5b6085226899

Last Card Change

2023-02-17