The Hacker News reports that Brazilian threat actor Prilex has reemerged in new attacks, this time leveraging an advanced point-of-sale malware rather than the ATM-focused malware it used before its year-long hiatus.
While Prilex has also demonstrated its capability to conduct EMV replay attacks, Kaspersky researchers have observed the threat actor transition to a new "GHOST transactions" approach, which involves a stealer that captures the communications between the PoS software and the PIN pad in order to obtain card information. That information is then sent to a command-and-control server, from which it can be used to carry out fraudulent transactions.
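The exfiltration step described above (card data captured on the PoS host and sent to a command-and-control server) is what a defender can most readily detect at the network edge. The following is an added example, not code from the article or from Kaspersky's report: a small egress-log scanner that flags lines leaving a PoS host for a destination outside an allowlist of payment endpoints whenever the payload carries a Luhn-valid card number. The log format, the allowlist entries and the sample log lines are all constructed for this illustration.

```python
"""Added example (not from the article or Kaspersky's report): flag card
numbers leaving a PoS host for destinations outside a payment allowlist.
The log format, allowlist and sample lines below are constructed."""
import re
from dataclasses import dataclass

# Constructed allowlist of legitimate acquirer/gateway endpoints (assumption).
ALLOWED_DESTINATIONS = {"gateway.acquirer.example", "10.0.5.20"}

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes,
# not embedded inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed egress log format: "<ts> pos-host egress dst=<dest> payload=<text>"
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+) pos-host egress dst=(?P<dst>\S+) payload=(?P<payload>.*)$"
)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers (digits only) found in text.

    Luhn filters out most non-card digit runs such as ticket or order ids."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep only BIN and last four so the alert itself does not leak the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Alert:
    line_no: int
    dest: str
    masked_pans: list[str]


def scan_egress_log(lines) -> list[Alert]:
    """Alert on Luhn-valid PANs sent to any non-allowlisted destination."""
    alerts = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE_RE.match(line)
        if not m:
            continue                      # ignore lines in other formats
        dst = m.group("dst")
        if dst in ALLOWED_DESTINATIONS:
            continue                      # expected payment traffic
        pans = find_pans(m.group("payload"))
        if pans:
            alerts.append(Alert(n, dst, [mask(p) for p in pans]))
    return alerts


# Constructed sample log: one legitimate authorization, one exfiltration of a
# PIN-pad capture to an unknown host, one benign id, one Luhn-invalid number.
SAMPLE_LOG = [
    "2023-01-10T12:00:01Z pos-host egress dst=gateway.acquirer.example payload=txn=ok pan=4111111111111111",
    "2023-01-10T12:00:02Z pos-host egress dst=203.0.113.7 payload=pp=5555 5555 5555 4444 exp=12/25",
    "2023-01-10T12:00:03Z pos-host egress dst=203.0.113.7 payload=ticket=1234567890123 status=idle",
    "2023-01-10T12:00:04Z pos-host egress dst=203.0.113.7 payload=pan=4111111111111112",
]

if __name__ == "__main__":
    for a in scan_egress_log(SAMPLE_LOG):
        print(f"line {a.line_no}: card data to {a.dest}: {a.masked_pans}")
```

Only the second sample line produces an alert: the first goes to an allowlisted gateway, the third carries a 13-digit id that fails Luhn, and the fourth number is Luhn-invalid. The masking keeps the alert itself from becoming another copy of the card number.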
Prilex has also extended the malware with a backdoor module that supports debugging of the PoS software's behavior, as well as process termination, screen capture, arbitrary file downloads, and command execution, according to Kaspersky.
"[The Prilex malware is] dealing directly with the PIN pad hardware protocol instead of using higher level APIs, doing real-time patching in target software, hooking operating system libraries, messing with replies, communications and ports, and switching from a replay-based attack to generate cryptograms for its GHOST transactions even from credit cards protected with CHIP and PIN technology," researchers added.