The Brazilian cybercriminal group Prilex is the first in the world to have managed to defraud contactless (proximity) payments, Folha revealed this Tuesday (31).
Prilex's new malicious program (malware) blocks the terminal's processing when the customer taps the card, forcing the buyer to insert it instead. Then the second stage of the scam begins: the malware connects to the criminals and sends the payment information to them, not to the financial institution.
Although these methods are recent, the group's activity dates back to 2014, when it stole data from ATMs. It was discovered only at Carnival 2016, when it had infected more than a thousand machines with a virus and programmed them all to dispense the cash they held at the same time.
The synchronized attack hit several cities in the country and introduced the group to the public. At the time, Prilex also captured data from 28,000 credit cards inserted at checkouts.
Since then, the cybercriminals have circumvented payment methods in increasingly sophisticated ways. To infect the billing devices, however, the group still relies on social engineering. They deceive the owners of the points of sale with phone calls and even telegrams, posing as employees of the card terminal companies or card brands.
In this contact, Prilex members say they need to perform maintenance on the equipment and instruct the victim to install a tool that gives remote access to the computer, as technicians generally do. With that permission, they install the virus.
Even with this analog step in the scam, the Brazilian cybercriminal group managed to expand its operations to North America and Europe.
Last year, the malicious tool was detected in North America as well. In 2018, it caused a loss of 1.5 million euros (R$ 8.3 million at current exchange rates) to a bank in Germany.
The Brazilian gang prefers to target companies that handle large sums, says Kaspersky's head of research in Latin America, Fabio Assolini.
In his view, the gang has in its hands one of the most advanced viruses for card theft in the world.
Prilex also sells its technology to other groups. Kaspersky is investigating an alleged offer of US$ 13,000 (R$ 67,700) for the virus that affects machines.
Today, the main cybercriminal gangs in the world operate by locking up the data of large corporations to demand billion-dollar ransoms; this data kidnapping is called ransomware. Meanwhile, the Brazilians gained worldwide prominence in the less lucrative business of card scams.
Contacted, the Civil Police of the state of São Paulo did not say how long it has been investigating Prilex.
For the consumer, the fraud starts with the message “ERROR APPROXIMATION (sic) INSERT THE CARD (sic)”. Despite the spelling errors, the flaw in the machine caused by Prilex is an unprecedented feat, according to Kaspersky.
Proximity payments use NFC (Near Field Communication) technology, and each use of the card generates a unique, one-time code. If that information is intercepted by criminals, it cannot be used on another occasion, which makes cloning difficult.
The Brazilian gang bypassed this protection with social engineering: the malware induces the customer to pay by inserting the chip into the machine instead.
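To show why an intercepted contactless code is useless on a second occasion, here is an added, simplified model (not Prilex code, and not the real EMV algorithm) in which the chip MACs each transaction together with a monotonically increasing transaction counter, and the issuer rejects any cryptogram whose counter does not advance. Key, PAN and amounts are constructed sample values.

```python
import hmac
import hashlib

# Constructed sample: a per-card key shared only between chip and issuer.
# Real EMV derives per-transaction session keys; this is a simplified model.
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def card_cryptogram(key: bytes, pan: str, atc: int, amount_cents: int, un: int) -> bytes:
    """Chip side: MAC over the transaction data, including the application
    transaction counter (ATC) and the terminal's unpredictable number (UN)."""
    msg = f"{pan}|{atc}|{amount_cents}|{un}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Issuer:
    """Issuer side: recomputes the MAC and insists the ATC strictly increases."""

    def __init__(self, keys: dict):
        self.keys = keys          # PAN -> card key
        self.last_atc = {}        # PAN -> highest ATC accepted so far

    def authorize(self, pan, atc, amount_cents, un, cryptogram) -> str:
        key = self.keys.get(pan)
        if key is None:
            return "DECLINE:unknown-card"
        expected = card_cryptogram(key, pan, atc, amount_cents, un)
        if not hmac.compare_digest(expected, cryptogram):
            return "DECLINE:bad-cryptogram"     # data altered or wrong key
        if atc <= self.last_atc.get(pan, -1):
            return "DECLINE:replay"             # counter did not advance
        self.last_atc[pan] = atc
        return "APPROVE"


def demo():
    pan = "4111111111111111"  # constructed test PAN
    issuer = Issuer({pan: CARD_KEY})
    # Genuine tap: chip reports ATC 41, terminal supplied UN 0x5A5A.
    crypt = card_cryptogram(CARD_KEY, pan, 41, 1999, 0x5A5A)
    first = issuer.authorize(pan, 41, 1999, 0x5A5A, crypt)
    # The very same captured message presented again later.
    replay = issuer.authorize(pan, 41, 1999, 0x5A5A, crypt)
    # Captured cryptogram reused with a different amount: MAC no longer matches.
    altered = issuer.authorize(pan, 41, 99999, 0x5A5A, crypt)
    return first, replay, altered
```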
From then on, the gang applies the phantom purchase scheme, which Folha had already explained in October.
The number of detections of the new virus in action is still low, which may indicate that it is still being tested, according to Kaspersky.