Scam that leads customers to insert cards targets shopping malls – 11/27/2023 – Tech

Originating in Brazil, the first scam in the world to allow the diversion of contactless payments mainly targets shopping malls and gas stations. The information was released at a Kaspersky event on the 21st.

To circumvent the security protocol used in contactless payments, criminals block the machine’s communication and display this message, with accentuation and typing errors: “PROXIMATION ERROR INSERT THE CARD.”

Thus, they induce the buyer to resort to the traditional way, by inserting the card and entering the password. At this point, according to Kaspersky, the virus creates a false connection: instead of the payment system communicating with the financial institution, it sends the information directly to the criminals and makes a phantom purchase. One indication of the scam is duplicate payments on the invoice.

Contacted by Folha, Abecs (Brazilian Association of Credit Card and Services Companies) did not comment until the publication of this report. In January, the entity had declared that it had not detected evidence of this malware in action. “[The association] will continue to monitor and seek information from the market about the alleged scam to prevent contactless payments, an extremely safe payment method”, the entity said.

Abranet (Brazilian Internet Association), which represents payment companies, did not respond to the report’s request for information.

The scheme was revealed by Folha in January and has been in place since November last year, but there were no details about the victims. The group responsible for the fraud is the cybercriminal gang called Prilex. Kaspersky claims that it was the first time anyone had managed to disrupt this transaction format.

Another novelty discovered by Kaspersky researchers was that the scam only affects wired card machines, as the invasion occurs on the computer, where there are more vulnerabilities than on the card machine’s system, according to experts.

The scam begins with a cybercriminal visiting the establishment. To schedule it, the fraudster pretends to be a representative of the machine company or another service provider.

On this occasion, the criminal checks whether the computer has low-quality antivirus, outdated or pirated programs and other vulnerabilities. If so, the criminal installs the malware that executes the scam on the machine.

This is one of the reasons why the Prilex gang targets stores in shopping malls and gas stations. Small and medium-sized companies have less budget to build robust defenses and tend to resort more to free or pirated programs, according to Fabio Assolini, head of research at Kaspersky in Latin America.

The other reason is that, in these establishments, more money circulates than in other businesses such as bakeries, where purchases cost just a few reais.

In January, there were still few detections of the virus that blocked contactless payments, which could indicate that the technology was in the testing phase. Since then, the number has risen and Kaspersky has detected another six versions of the malware.

The company has not yet concluded what has changed since then. One possibility is to display a new message on the machine’s screen, instead of: “PROXIMATION ERROR INSERT CARD.”

Assolini says that the scam is not capable of circumventing the encryption of contactless payments, made using NFC signals. In this modality, each transaction has a unique encrypted code. Therefore, criminals need to trick the victim into inserting the card, and they need to infect the computer, not the card machine.

If the machine is connected to an infected system, criminals can capture the real data of the card used for traditional payment, according to the cybersecurity researcher. This information allows criminals to carry out other transactions.

The version of the Prilex virus discovered in January is also capable of filtering stolen data, selecting only specific card brands or segments, for example. In this case, it is possible to capture information only from “black” and corporate cards, which normally have higher limits. With this, the group is able to build databases of more valuable cards to sell to other criminals.

Kaspersky says the scam is unprecedented and that Prilex should try to export this virus to other countries soon.

Before blocking contactless payments, the Prilex virus was known for displaying error messages and causing the buyer to make more than one purchase — one transaction going to the owner of the establishment and another to the criminals. This scheme became known as “ghost buying.”

PROTECTION

If the consumer detects an improper expense on the card, they should contact the bank to dispute the purchase and file a police report.

Customers should also pay attention to the error message displayed by the machine. “Then what the user can do is insist on payment by contact. If there is no way, it’s better to try to pay another way”, says Assolini.

HISTORY

Prilex is one of the local groups seeking to stand out abroad with bank fraud, while the world’s main gangs focus on ransomware practices (blocking information for ransom), considered even more profitable. Its activity has been traced since at least 2014, and has already reached North America and Europe.