
Hackers Behind Prilex POS Malware Using Stolen Data To Make Functional Cards


Kaspersky Lab, the security company, announced Thursday (March 15) that its researchers have discovered that the hacking group behind the Prilex point-of-sale (POS) malware can use stolen credit card data to create functional plastic cards.

In a press release, Kaspersky said the malware, which is operating in Latin America, is notable because it has a supportive, user-friendly model that enables hackers to launch attacks with ease. Prilex has evolved to target smart chip- and PIN-protected payment cards, noted Kaspersky.

“We are dealing here with a completely new malware, one that offers attackers everything from a graphic user interface to well-designed modules that can be used to create different credit card structures,” said Thiago Marques, security analyst for Kaspersky, in the press release. “Chip and PIN technology is still relatively new in some parts of the world, such as the U.S., and people may lack awareness of the risk of credit card cloning and abuse. In Brazil, the evolved Prilex malware takes advantage of a faulty implementation of industry standards – highlighting the importance of developing secure, future-proof standards for payment technologies.”

According to Kaspersky Lab, the Prilex malware has been around since 2014, moving from ATM hacks to hacks of POS systems developed by vendors in Brazil. Now the hackers are using the stolen credit card data to make functional plastic cards that let them perform fraudulent transactions in any store, both online and offline. The cloned credit cards work on any POS system in Brazil.

According to Kaspersky, Prilex has three components: malicious software that modifies the POS system and steals the credit card information, a service used to manage all of the information, and a user application that hackers can use to view, clone or save information about the cards.

“This is the most notable feature of the malware: its associated business model, where all the users’ needs are taken into account, including the need for a simple and user-friendly interface,” wrote Kaspersky in the release. It noted there is evidence that the malware is being distributed via snail mail, tricking victims into giving the hackers access to their computers for remote support sessions. The hackers then use these sessions to install the malware. The malware has also been targeting traditional stores, including gas stations, supermarkets and retailers in Brazil.


