Malware variant can block contactless payments

Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money

A variant of point-of-sale malware, known as Prilex, can now block contactless payments and force victims to use physical cards before criminals steal from them.

The warning comes from Kaspersky, which said it has uncovered three modifications to Prilex malware that block contactless payment transactions.

Contactless payment use exploded during the Covid-19 pandemic as consumers avoided physical contact when making payments. Today in the UK, almost 90% of face-to-face payments are made using contactless transactions. According to numbers from Lloyds Bank, 65% of face-to-face payments were made using contactless debit cards in June 2019, which was pre-Covid, but by June 2022, this had reached 87%.

The popularity of contactless payments has continued to increase since the pandemic, and it shows no sign of abating. The criminals behind Prilex, which originally targeted ATM users, have adjusted their attack lines to target contactless payments, and can now block near-field communication (NFC)-based transactions, according to Kaspersky. The malware can detect NFC-based transactions, block them and force consumers to insert their cards.

If attacked, users will receive the message, “Contactless error, insert your card”.

“The cyber criminal’s goal is to force the victim to use their physical card by inserting it into the PIN pad reader, so the malware can capture data coming from the transaction,” said Kaspersky.
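The behaviour described above suggests a signal a merchant or acquirer can watch for: a terminal on which contactless attempts fail and are immediately followed by a chip insert far more often than on its peers. The following is an added example, not code from Kaspersky or the original article; the log fields, the 90-second window and the thresholds are assumptions, and the sample events are constructed.

```python
# Added example: flag POS terminals where contactless attempts error out and
# are followed by a chip insert unusually often. Log format is an assumption.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (terminal_id, ISO timestamp, entry_mode, outcome)
SAMPLE_EVENTS = [
    ("T-001", "2023-02-01T10:00:00", "contactless", "approved"),
    ("T-001", "2023-02-01T10:02:00", "contactless", "approved"),
    ("T-001", "2023-02-01T10:04:00", "contactless", "error"),
    ("T-001", "2023-02-01T10:04:20", "chip", "approved"),
    ("T-001", "2023-02-01T10:06:00", "contactless", "approved"),
    ("T-001", "2023-02-01T10:08:00", "chip", "approved"),
    ("T-002", "2023-02-01T10:00:00", "contactless", "error"),
    ("T-002", "2023-02-01T10:00:25", "chip", "approved"),
    ("T-002", "2023-02-01T10:03:00", "contactless", "error"),
    ("T-002", "2023-02-01T10:03:30", "chip", "approved"),
    ("T-002", "2023-02-01T10:05:00", "contactless", "error"),
    ("T-002", "2023-02-01T10:05:20", "chip", "approved"),
    ("T-002", "2023-02-01T10:07:00", "contactless", "error"),
    ("T-002", "2023-02-01T10:07:40", "chip", "approved"),
]

def forced_fallback_rates(events, window=timedelta(seconds=90)):
    """Per terminal: (contactless attempts, errors followed by a chip insert)."""
    by_terminal = defaultdict(list)
    for term, ts, mode, outcome in events:
        by_terminal[term].append((datetime.fromisoformat(ts), mode, outcome))
    stats = {}
    for term, rows in by_terminal.items():
        rows.sort()  # chronological order per terminal
        attempts = fallbacks = 0
        for i, (ts, mode, outcome) in enumerate(rows):
            if mode != "contactless":
                continue
            attempts += 1
            nxt = rows[i + 1] if i + 1 < len(rows) else None
            # Fallback: contactless error, then chip as the very next event.
            if outcome == "error" and nxt and nxt[1] == "chip" and nxt[0] - ts <= window:
                fallbacks += 1
        stats[term] = (attempts, fallbacks)
    return stats

def suspicious_terminals(events, min_attempts=4, threshold=0.5):
    """Terminals with enough contactless attempts and a high fallback rate."""
    rates = forced_fallback_rates(events)
    return sorted(t for t, (a, f) in rates.items()
                  if a >= min_attempts and f / a >= threshold)
```

An occasional failed tap followed by a chip insert is normal, which is why the check uses a rate with a minimum sample size rather than alerting on single events.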

Prilex has been operating in Latin America since 2014, and is allegedly behind a large attack at the Rio Carnival in 2016, when it cloned more than 28,000 credit cards and stole from more than 1,000 ATMs. It is now spreading globally, according to Kaspersky, which has already seen the malware used in Germany.

Fabio Assolini, head of the Latin American global research and analysis team at Kaspersky, said: “Contactless payments are now a part of our everyday life, and the statistics show the retail segment dominated the market with more than 59% share of the global contactless revenue in 2021.

“Such transactions are extremely convenient and particularly safe, so it’s logical for cyber criminals to create malware that blocks NFC-related systems,” he said. “As the transaction data generated during contactless payment is useless from a cyber criminal’s perspective, it’s understandable that Prilex needs to prevent contactless payment to force victims to insert the card into the infected point-of-sale terminal.” 

According to a recent report from Money.co.uk, more than £4bn was stolen by fraudsters and cyber criminals in the UK through 2022, after a huge increase from the previous year.

This represented a 63% increase in losses compared with 2021, when £2.4bn was stolen.

In its 2022 Fraud and cybercrime report, the online financial service comparison website revealed that criminals are stealing larger sums of money in each fraud, resulting in a greater average loss per fraud (£11,000) despite fewer reported cyber crimes – more than 350,500 frauds or cyber crimes were reported in 2022, representing 21% fewer than the previous year. 

In the final three-month period of last year, when £917m was stolen, banking fraud was responsible for the biggest losses, with nearly £290m taken.
