Assustador esse malware, muito bom o episódio!

Segurança Legal: Episódio #334 – Nova fraude com cartão de crédito

Webpage do episódio: https://www.segurancalegal.com/2023/02/episodio-334-nova-fraude-com-cartao-de-credito/

Arquivo de media: https://media.blubrry.com/segurana_legal/archive.org/download/SL-334-Nova_fraude_cartao_credito/334.mp3

#podcast
#podcastbr
#segurancalegal
#prilex

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
https://thehackernews.com/2023/02/prilex-pos-malware-evolves-to-block.html #Cybercrime #Malware #Prilex

New #Prilex #PoS Malware evolves to target #NFC-enabled credit cards
https://securityaffairs.com/141686/malware/prilex-pos-malware-nfc-enabled-credit-cards.html
#securityaffairs #hacking #malware

"Prilex now implements a rule-based file that specifies whether or not to capture credit card information and an option to block NFC-based transactions."

https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/

#malware #POS #ECR #payments #prilex

Kaspersky's IT threat evolution Q3 2022 report describes Prilex threat actor which uses social engineering to initially infect point-of-sale system with malware. To enable payment fraud, infected systems seem to replay legitimate payment card purchase transaction cryptograms to the threat actor which then profits by conveying purchases via a shell company to the merchant acquirer.

Almost needless to say, there seems to be a bunch of PCI DSS requirement non-compliance when attacker is able to 1) impersonate maintenance, 2) admin access system, 3) install malware and 4) exfiltrate credit card purchase data from the system.

https://securelist.com/it-threat-evolution-q3-2022/107957/#prilex-the-pricey-prickle-credit-card-complex

#pos #malware #prilex #pcidss