Prilex malware can steal your credit card at checkout — here’s how


Paying for goods at checkout has never been easier thanks to mobile wallets and contactless credit cards, but hackers have devised a new way to turn the payment systems that enable these features against unsuspecting shoppers.

According to a new press release from the cybersecurity firm Kaspersky, its researchers have discovered new variants of the point-of-sale (PoS) malware Prilex that enable it to block contactless near-field communication (NFC) transactions.

While the cybercriminals behind Prilex started off by targeting ATMs, they’ve now upgraded their malware to launch attacks against PoS systems like the ones you see at checkout in coffee shops, gas stations, convenience stores and other businesses.

Unlike other malware strains that infect users online, Prilex can now steal your credit card details in the real world, where people rarely expect to fall victim to cybercrime.

GHOST attacks

With their malware deployed on a vulnerable PoS system, the cybercriminals behind Prilex are able to conduct “GHOST” attacks in which they perform credit card fraud. Unfortunately, even credit cards protected by chip-and-PIN technology, which was thought to be unhackable, are at risk.

After responding to an incident involving one of its customers, Kaspersky’s researchers uncovered three new modifications to the Prilex malware that enable it to block contactless payment transactions.

Normally, with a contactless credit card you just tap it to pay, but Prilex now has a way to block these transactions using a rule-based file that tells the malware whether or not to capture credit card information. Since NFC-based transactions generate a unique card number that’s only valid for one transaction, Prilex detects this and blocks it. When this happens, a message indicating there was a “contactless error” appears on the PoS system and shoppers are then prompted to insert or swipe their credit card instead.

Once a potential victim is forced to insert or swipe their card, Prilex is able to capture all of the data from the transaction. The malware can also filter credit cards by type, allowing it to capture black or corporate credit cards with a higher transaction limit while ignoring cards with lower limits.
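The behaviour described above is visible on the merchant side as well: a contactless failure immediately followed by a chip or swipe transaction on the same terminal, repeated far more often than normal. The following is an added example written for this page, not code from the article or from Kaspersky; it scores terminals by how often that sequence occurs, and the log format, field names and thresholds are constructed assumptions rather than any real PoS vendor's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample PoS terminal events (not a real vendor format): time, terminal, interface, result.
SAMPLE_LOG = """\
2023-02-01T09:00:01 T01 NFC DECLINED:contactless_error
2023-02-01T09:00:09 T01 CHIP APPROVED
2023-02-01T09:03:22 T01 NFC DECLINED:contactless_error
2023-02-01T09:03:30 T01 SWIPE APPROVED
2023-02-01T09:05:40 T01 NFC DECLINED:contactless_error
2023-02-01T09:05:47 T01 CHIP APPROVED
2023-02-01T09:07:10 T01 NFC APPROVED
2023-02-01T09:01:15 T02 NFC APPROVED
2023-02-01T09:02:50 T02 NFC APPROVED
2023-02-01T09:04:05 T02 NFC DECLINED:contactless_error
2023-02-01T09:06:12 T02 CHIP APPROVED
"""
# A chip/swipe transaction this soon after a contactless failure counts as a fallback (assumed threshold).
FALLBACK_WINDOW = timedelta(seconds=30)

def parse_events(text):
    events = []
    for line in text.splitlines():
        ts, terminal, iface, result = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), terminal, iface, result))
    return sorted(events)  # chronological, so "next event" is the follow-up transaction

def fallback_stats(events):
    """Per terminal: (contactless attempts, failures followed by a chip/swipe tx)."""
    by_terminal = defaultdict(list)
    for ev in events:
        by_terminal[ev[1]].append(ev)
    stats = {}
    for terminal, evs in by_terminal.items():
        attempts = fallbacks = 0
        for i, (ts, _, iface, result) in enumerate(evs):
            if iface != "NFC":
                continue
            attempts += 1
            nxt = evs[i + 1] if i + 1 < len(evs) else None  # event right after this attempt
            if (result.startswith("DECLINED") and nxt and nxt[2] in ("CHIP", "SWIPE")
                    and nxt[0] - ts <= FALLBACK_WINDOW):
                fallbacks += 1
        stats[terminal] = (attempts, fallbacks)
    return stats

def suspicious_terminals(text, min_attempts=3, max_fallback_ratio=0.5):
    """Terminals whose contactless-failure-then-fallback ratio exceeds the threshold."""
    stats = fallback_stats(parse_events(text))
    return sorted(t for t, (a, f) in stats.items() if a >= min_attempts and f / a > max_fallback_ratio)
```

In the constructed sample, T02's one contactless failure is followed by a chip transaction two minutes later, outside the window, so only T01 is flagged; a real deployment would tune the window and ratio against the fleet's normal contactless failure rate.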

With a victim’s credit card details in hand, the cybercriminals behind Prilex can commit credit card fraud or even try to steal their identity.

How to stay safe from credit card fraud


While the best antivirus software can help keep you safe from online threats, protecting yourself in the real world is a bit different, especially when you’re used to being able to use your credit card securely at checkout.

To stay safe from the Prilex malware, be extra careful when you see a “contactless error” after trying to tap to pay with your credit card. When this happens, you’re better off paying with cash if you have it, and if you want to be extra careful, you can cancel the transaction altogether. It's also worth noting that this malware doesn't affect mobile wallets, which is why you're better off using Apple Pay, Google Pay or Samsung Pay instead of your physical credit card.

In a blog post, the identity theft protection provider Aura recommends using a chip reader when possible as they’re more secure than tap to pay. At the same time, you should consider using one card for paying bills and another for everyday transactions. This way, you’ll know if your credit card information was stolen at a physical location instead of online.

The cybercriminals behind Prilex have been operating since at least 2014 and unless they’re apprehended by law enforcement, they and their PoS malware will likely remain a threat to watch out for.

Anthony Spadafora
Senior Editor Security and Networking

  • ALee7
    Couple of questions for clarification: the goal of the malware is to block your contactless transaction in order to force you to insert your card into the chip reader so they can capture your card info, correct? If yes, then why do you state "In a blog post, the identity theft protection provider Aura recommends using a chip reader when possible as they’re more secure than tap to pay."? If you insert your card into the chip reader you are doing exactly what the malware was trying to get you to do in the first place. The other question: why are Apple Pay and Google Pay not affected by this malware, since both of them also use NFC to conduct the payment? Is it because, even though they all use NFC, the malware can't intercept Google Pay the way it's able to intercept credit card contactless transactions?