Prilex POS malware can block contactless payments, force PIN use


Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines.

“The goal here is to force the victim to use their physical card by inserting it into the PIN pad reader, so the malware will be able to capture the data coming from the transaction,” the researchers write in a report published this week.

The malware’s new capabilities build on those that already make Prilex the most advanced POS threat, they add. It has a unique cryptographic scheme and can patch target software in real time, force protocol downgrades, run GHOST transactions, and run credit card fraud, including on the most sophisticated CHIP and PIN technologies.

Once the buyer puts the credit card into the PIN machine, all those techniques can go into action.


The tap-to-pay system activates the card’s RFID chip, which sends a unique ID number and transaction to the terminal, neither of which can be used again. There is nothing for a cybercriminal to steal.


When Prilex detects and blocks a contactless transaction, the EFT software will have the PIN system show an error message that reads “Contactless error, insert your card.”

It also can filter credit cards by segment and create different rules for each segment.

“For example, these rules can block NFC and capture card data only if the card is a Black/Infinite, Corporate or another tier with a high transaction limit, which is much more attractive than standard credit cards with a low balance/limit,” the researchers wrote.
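How the behaviour described above could surface in store or acquirer telemetry, as an added defender-side example that is not taken from the Kaspersky report or The Register: it flags terminals where contactless attempts almost always end in a forced chip insert, and separates the case where only high-tier cards are affected. The record schema, outcome labels and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

PREMIUM = {"black", "infinite", "corporate"}  # tiers named in the researchers' quote
MIN_TAPS = 5       # assumed minimum number of taps before judging a terminal
RATE_ALERT = 0.8   # assumed threshold: share of taps forced over to chip insert

# Constructed sample records (hypothetical schema): (terminal_id, card_tier, outcome)
EVENTS = (
    [("T1", "standard", "nfc_ok")] * 9 + [("T1", "standard", "nfc_error_insert")]
    + [("T1", "black", "nfc_ok")] * 5
    + [("T2", "standard", "nfc_ok")] * 8
    + [("T2", "black", "nfc_error_insert")] * 4
    + [("T2", "corporate", "nfc_error_insert")] * 2
    + [("T3", "standard", "nfc_error_insert")] * 6
    + [("T4", "infinite", "nfc_error_insert")] * 2
)

def tally(events):
    """Count [taps, forced inserts] per terminal, split into premium and other tiers."""
    counts = defaultdict(lambda: {"premium": [0, 0], "other": [0, 0]})
    for terminal, tier, outcome in events:
        bucket = "premium" if tier.lower() in PREMIUM else "other"
        slot = counts[terminal][bucket]
        slot[0] += 1
        slot[1] += outcome == "nfc_error_insert"
    return counts

def rate(slot):
    """Forced-insert rate, or None when there are too few taps to judge."""
    taps, forced = slot
    return forced / taps if taps >= MIN_TAPS else None

def suspicious_terminals(events):
    """Return {terminal: reason} for terminals whose fallback pattern stands out."""
    findings = {}
    for terminal, c in sorted(tally(events).items()):
        prem, other = rate(c["premium"]), rate(c["other"])
        if prem is not None and prem >= RATE_ALERT and (other is None or other < RATE_ALERT):
            findings[terminal] = "premium-tier fallback"
        elif other is not None and other >= RATE_ALERT and (prem is None or prem >= RATE_ALERT):
            findings[terminal] = "fallback on all taps"
    return findings

if __name__ == "__main__":
    for terminal, reason in suspicious_terminals(EVENTS).items():
        print(terminal, reason)
```

A terminal flagged as "fallback on all taps" may simply have a faulty NFC reader; a fallback pattern that tracks card tier is the one that matches the per-segment rules the researchers describe.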


Source: Fast-evolving POS malware can block contactless payments • The Register

Robin Edgar
