Brazilian hackers make phantom card purchases; meet the scam

Infected card machine can harm consumers
Unsplash/Clay Banks


A Brazilian hacker group is spreading malware that can make phantom purchases on victims’ debit and credit cards. Called Prilex, the malware has been around since 2016, but a new version was discovered this year by cybersecurity company Kaspersky, which detailed how it works on Wednesday (28).

Prilex, which a few years ago was used to clone cards, now has a version that operates in an even more sophisticated way: it clones only specific purchases, which reduces the chances of the scam being discovered.

Here’s how it works: imagine you’ve made a purchase, whether at a restaurant, a gas station, or a mall store. When the card goes into the terminal, the purchase is declined, so you try the card again. When a merchant’s system is infected with Prilex, this is exactly what happens. The first attempt is used by the hackers to capture the card data and the PIN, while the second is the legitimate purchase. The cybercriminals then use the captured data to repeat the purchase, but this time in the name of a shell company.

Unlike its previous version, the new Prilex does not clone the card for future purchases. The malware clones only the purchase it intercepted, making it even more discreet. “For the consumer, there is nothing he can do to suspect the scam. The only thing is that the operation needs to be done twice, but this is common and may have other reasons, not necessarily being a Prilex action”, comments Fabio Assolini, director of Kaspersky’s Global Research and Analysis Team in Latin America.

How Prilex spreads

Fabio explains that the hacker group breaks into the companies’ computers (which are connected to the card machines) through so-called social engineering, a well-known technique in information security that relies, in short, on manipulation and persuasion.

Criminals contact a company by email or phone and pretend to be from the card machine operator’s technical support. They then ask the employee to grant remote access to the computer so that an update can be performed. This update doesn’t actually exist. What the hackers do is disable the antivirus so that Prilex can be installed on the machine.

The scheme, which is complex, also involves a kind of market assessment. Before deploying the malware, the hackers analyze the merchant’s cash flow. Since only one transaction is stolen at a time, the business needs to make many high-value sales every day for the crime to pay off. The targets are therefore often hotels, gas stations or very busy stores. If the scammer sees that turnover is low, he ends the supposed technical support session and doesn’t even install the malware on the company’s systems. “This shows the degree of professionalism of the gang”, comments Fabio.

For now, Kaspersky has not been able to identify how many commercial establishments have already been hit by Prilex, but the hacker group appears to be finding success internationally as well. On the internet, the malware is offered to other hacker groups outside Brazil for sums in the thousands of dollars.

Recently, Kaspersky identified a $13,000 offer on a website allegedly linked to the group, though this has yet to be confirmed. “If this figure is confirmed, we have a strong indication of how profitable this new approach is for criminals”, comments Fabio.

What can you do to not fall for the scam?

On the consumer side, there are no security measures that can prevent the scam from being carried out. What customers can do is keep an eye on their card statements and call the bank if they notice a duplicate charge.
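The decline-then-retry sequence described above, followed later by a charge for the same amount at an unfamiliar merchant, is the only trace the consumer or the issuing bank gets to see. As an added illustration (not code from the article or from Kaspersky), the script below scans a constructed list of card transactions for exactly that sequence. Field names, merchant names, card numbers and time windows are all assumptions made for the example; a single decline followed by a retry is deliberately not flagged on its own, because, as the article notes, that happens for ordinary reasons.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    """One card transaction as a bank or cardholder would see it (assumed schema)."""
    ts: datetime
    card: str          # masked card number, last four digits only
    merchant: str
    amount_cents: int  # integer cents, so amounts compare exactly
    status: str        # "DECLINED" or "APPROVED"


def find_ghost_replays(txns, retry_window=timedelta(minutes=10),
                       replay_window=timedelta(days=14)):
    """Flag: DECLINED at merchant M -> APPROVED retry at M (same amount, soon after)
    -> APPROVED for the same amount at a *different* merchant within replay_window.
    Returns one alert dict per matching triple. Windows are assumptions."""
    by_card = defaultdict(list)
    for t in txns:
        by_card[t.card].append(t)

    alerts = []
    for card, rows in by_card.items():
        rows.sort(key=lambda t: t.ts)
        for i, first in enumerate(rows):
            if first.status != "DECLINED":
                continue
            # Step 1: the legitimate retry at the same merchant shortly after the decline.
            retry = next((r for r in rows[i + 1:]
                          if r.status == "APPROVED"
                          and r.merchant == first.merchant
                          and r.amount_cents == first.amount_cents
                          and r.ts - first.ts <= retry_window), None)
            if retry is None:
                continue
            # Step 2: the same amount approved later somewhere else (the "ghost" purchase).
            for later in rows:
                if (later.status == "APPROVED"
                        and later.ts > retry.ts
                        and later.ts - retry.ts <= replay_window
                        and later.merchant != first.merchant
                        and later.amount_cents == first.amount_cents):
                    alerts.append({
                        "card": card,
                        "amount_cents": first.amount_cents,
                        "original_merchant": first.merchant,
                        "declined_at": first.ts.isoformat(),
                        "replay_merchant": later.merchant,
                        "replay_at": later.ts.isoformat(),
                    })
    return alerts


def _t(s):
    return datetime.fromisoformat(s)


# Constructed sample data: merchants, cards and timestamps are invented for the example.
SAMPLE_TXNS = [
    # Card 1: decline, retry, then the same amount at an unrelated merchant three days later.
    Txn(_t("2022-09-20T19:02:00"), "4111********1111", "POSTO CENTRAL", 25000, "DECLINED"),
    Txn(_t("2022-09-20T19:03:30"), "4111********1111", "POSTO CENTRAL", 25000, "APPROVED"),
    Txn(_t("2022-09-23T11:15:00"), "4111********1111", "XYZ COMERCIO LTDA", 25000, "APPROVED"),
    # Card 2: an ordinary decline and retry with nothing afterwards; must not be flagged.
    Txn(_t("2022-09-21T12:00:00"), "5500********4444", "RESTAURANTE BOM", 8900, "DECLINED"),
    Txn(_t("2022-09-21T12:01:00"), "5500********4444", "RESTAURANTE BOM", 8900, "APPROVED"),
    # Card 3: two unrelated approved purchases; must not be flagged.
    Txn(_t("2022-09-22T09:00:00"), "3400********0009", "HOTEL PRAIA", 120000, "APPROVED"),
    Txn(_t("2022-09-22T21:00:00"), "3400********0009", "LOJA DO CENTRO", 4500, "APPROVED"),
]


if __name__ == "__main__":
    for alert in find_ghost_replays(SAMPLE_TXNS):
        print(f"review: {alert['card']} {alert['amount_cents'] / 100:.2f} "
              f"declined at {alert['original_merchant']} on {alert['declined_at']}, "
              f"same amount approved at {alert['replay_merchant']} on {alert['replay_at']}")
```

On this data only the first card is reported. The heuristic is a triage signal, not proof: two genuine purchases of identical value at different shops are possible, so a hit is a reason to compare the statement against receipts and call the bank, which is exactly the consumer-side advice given above.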

On the business side, however, there is much to be done. The basis of the Prilex intrusion is social engineering. This means the scam does not depend on a system flaw to work, only on an employee with poor cybersecurity training. In other words, the group behind Prilex hits the weakest link in a company’s security: people.

In addition to training their teams better, Fabio points out that companies can also add extra layers of security, such as not leaving workstations logged in under an administrator account. This would, for example, prevent the hackers from disabling the antivirus remotely. “Given the group’s sophistication, I wouldn’t be surprised if they managed to invade the machine by sending a supposed technician in person”, emphasizes the specialist.

According to Kaspersky’s analysis, the new Prilex is not yet able to clone contactless purchases, only those made with the card inserted into the terminal. Paying contactless, which is the safer method here, could therefore be a good way to avoid the scam. Once again, however, Fabio points to the group’s high degree of sophistication. “I wouldn’t be surprised if they found ways to clone contactless purchases as well.”
