New variants of a well-known Point of Sale (PoS) virus that disables sophisticated capabilities to steal credit card data have been detected by cybersecurity experts.

Kaspersky discovered Prilex PoS variants 06.03.8070, 06.03.8072, and 06.03.8080 in the wild. These updates, issued in November2022, make it so the terminal can’t process payments made with contactless credit cards.

During the Covid-19 epidemic, the use of contactless transactions skyrocketed because to near-field communication (NFC) chips included in Point-of-Sale (PoS) terminals, credit/debit cards, smartphones, and smart watches. Since a result, it is very difficult for hackers to obtain the data using PoS malware, as the technology enables users to make purchases without ever entering their credit cards.

Removing information with a swipe

However, the bad guys have released a new version of Prilex that prevents point-of-sale terminals from processing contactless payments, so they’ve found a way around this problem.

If the user attempts to perform this operation on a hacked endpoint, they will see an error message and be forced to physically swipe their cards, exposing their sensitive information in the process.

The researchers argue that after acquiring the data, the attackers are able to launch cryptogram manipulation and “GHOST transaction” assaults.

Investigators claim that Prilex operators have been quite productive. They’ve been updating their software for months now, and one of the most recent enhancements is EMV cryptogram creation, which lets them avoid detection and launch “GHOST transaction” assaults on cards that have CHIP and PIN security. The ability to restrict data collection to only one or a few service providers by filtering the cards was also included.

Compared to regular credit cards with a low balance/limit, “these [filtering] rules may prevent NFC and acquire card data only if the card is a Black/Infinite, Corporate, or another tier with a large transaction limit,” Kaspersky stated.