Prilex develops targeted payment cards with chips protected by PINs

Kaspersky Lab's researchers have revealed that the group behind the Prilex malware attack on POS systems is now able to transfer stolen credit card data into effective plastic bank cards. This sophisticated threat, currently operating in Latin America, is a supportive and easy-to-use business model It makes it easier for attackers to launch attacks.


The growing reliance on smart cards and PIN cards has attracted the attention of Internet criminals over the past decade, and Kaspersky Lab researchers who watch electronic financial crimes in Latin America have found that malicious Brillix software has evolved to target the technology on which these cards are based.
This malicious code has been operating since 2014, and researchers believe that their operators have expanded their efforts to move from ATM penetration to attacks on POS systems developed by Brazilian companies. Today, stolen credit card information is being used to create effective plastic bank cards, Fraudulent transactions at any store, online or offline.

This is the first time that researchers have seen a full set of tools used to carry out financial scams, and credit cards are cloned at any POS system in Brazil because of the erroneous application of the Europay, MasterCard and Visa standard, which means that all data During the bank approval process to make a payment.

Malicious software from a technical perspective includes three components:

• Malware that modifies the point of sale system and intercepts credit card information.
• A server is used to manage information obtained illegally.
• A user application that a malicious client can use to view, copy, or save statistics about card information, for example, the amount stolen with that card.

But the most prominent feature of this malicious software is its associated business model, which takes into account all the needs of users, such as the need for a simple user interface and easy to use.

Evidence suggests that malicious Brillix software is distributed through the traditional postal service, to persuade victims to give criminals access to the computer to provide remote technical support during a session used to install this software, and found that most victims were often from traditional shops, Supermarkets and regular retail markets, all of which are in Brazil.

"We're dealing with completely new malicious software that offers attackers everything from the GUI to the well-designed modules that can be used to create different credit card structures," said Tiago Marx, a security analyst at Kaspersky Lab. "Technologies such as chips and PINs are still relatively new in some parts of the world, such as the United States, and people in those areas may lack sufficient awareness of the risk of credit card cloning and misuse. In Brazil, Of the erroneous application of security standards in the banking sector, highlighting the importance of developing a safe and future standards for payment techniques. "