
Hackers Behind Prilex POS Malware Using Stolen Data To Make Functional Cards


Kaspersky Lab, the security company, announced Thursday (March 15) that researchers have discovered that the hacking group behind the Prilex point-of-sale (POS) malware can use stolen credit card data to create functional plastic cards.

In a press release, Kaspersky said the malware, which is operating in Latin America, is notable because it has a supportive, user-friendly model that enables hackers to launch attacks with ease. Prilex has evolved to target smart chip- and PIN-protected payment cards, noted Kaspersky.

“We are dealing here with a completely new malware, one that offers attackers everything from a graphic user interface to well-designed modules that can be used to create different credit card structures,” said Thiago Marques, security analyst for Kaspersky, in the press release. “Chip and PIN technology is still relatively new in some parts of the world, such as the U.S., and people may lack awareness of the risk of credit card cloning and abuse. In Brazil, the evolved Prilex malware takes advantage of a faulty implementation of industry standards – highlighting the importance of developing secure, future-proof standards for payment technologies.”

According to Kaspersky Lab, the Prilex malware has been around since 2014, moving from ATM hacks to hacks of POS systems developed by vendors in Brazil. Now the hackers are using the stolen credit card data to make functional plastic cards that let them perform fraudulent transactions in any store, both online and offline. The cloned credit cards work in any POS system in Brazil.

According to Kaspersky, the malware is made up of malicious software that modifies the POS system and steals the credit card information, as well as a service that is used to manage all of the information and a user application that hackers can use to view, clone or save information about the cards.

“This is the most notable feature of the malware: its associated business model, where all the users’ needs are taken into account, including the need for a simple and user-friendly interface,” wrote Kaspersky in the release. It noted there is evidence that the malware is being distributed via snail mail, tricking victims into giving the hackers access to their computers for remote support sessions. The hackers then use these sessions to install the malware. The malware has also been targeting traditional stores, including gas stations, supermarkets and retailers in Brazil.


