
Security researchers have discovered a new ATM malware named PRILEX, which was seen targeting banks in Brazil

Security researchers have discovered a new ATM malware named PRILEX, which was seen targeting banks in Brazil. The malware was first reported by Kaspersky Lab in October 2017, and a more detailed analysis was done by researchers at Trend Micro. The malware is written in Visual Basic 6.0 (VB6) and specifically designed to hijack a banking application,

Researchers said the malware works by hooking certain dynamic-link libraries (DLLs) and replacing them with its own application screens on top of others. Below are the external DLLs it affects:
  • P32disp0.dll
  • P32mmd.dll
  • P32afd.dll

Researchers also said that on further analysis they discovered the DLLs belong to the ATM application of a bank in Brazil, and that the malware was found affecting only a specific brand of ATM.

Working of PRILEX malware

After infecting the machine, the malware waits until the banking application asks the user for the security code, then overlays the screen, captures the code and stores it.

When the code was analyzed, researchers noticed something interesting: after it steals data, the malware tries to communicate with a remote command-and-control (C&C) server and upload both the credit card data and the account security code. “To our knowledge, this is the first ATM malware that assumes it is connected to the internet. It is likely that this bank’s ATMs are connected since the attackers seem to be very familiar with this particular bank’s methods and processes,” the researchers said in the blog post published by Trend Micro.

Here the attackers aim to steal credit card credentials instead of just jackpotting the ATM, so there is a possibility that the attackers behind the attack deal with bulk credit card credentials. “It’s concerning, and something that is worth looking into if you’re trying to defend your ATM infrastructure. Jackpotting attacks are very notorious, but a silent attack like this can go unnoticed for months, if not years. These days, setting monitoring tools and protections in place should be, in our opinion, mandatory,” the researchers said.
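
Because the malware described above uploads stolen data to a C&C server, one monitoring control is to flag any ATM connection that leaves the bank's expected networks. The sketch below is an added example, not code from Kaspersky Lab, Trend Micro or the malware itself; the log format, host names, process paths and allowlisted networks are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only networks an ATM should ever reach (bank host / processor).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.5.10/32")]

# Constructed sample events (not real telemetry), one per line:
# timestamp,atm_host,process_image,dest_ip,dest_port
SAMPLE_LOG = """\
2017-12-01T02:10:11Z,ATM-0042,C:\\Bank\\atmapp.exe,10.20.0.15,443
2017-12-01T02:10:40Z,ATM-0042,C:\\Users\\Public\\upd.exe,203.0.113.77,80
2017-12-01T02:15:02Z,ATM-0042,C:\\Users\\Public\\upd.exe,203.0.113.77,80
2017-12-01T02:16:30Z,ATM-0017,C:\\Bank\\atmapp.exe,10.20.5.10,8583
2017-12-01T02:17:00Z,ATM-0017,C:\\Bank\\atmapp.exe,198.51.100.9,443
garbage line without enough fields
"""

def is_allowed(dest_ip):
    """True when dest_ip falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in net for net in ALLOWED_NETS)

def find_unexpected_egress(log_text):
    """Group non-allowlisted outbound connections by (host, process, dest)."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "ports": set()})
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # skip malformed records rather than abort the whole run
        ts, host, image, dest, port = parts
        try:
            if is_allowed(dest):
                continue
            port_no = int(port)
        except ValueError:
            continue  # unparsable address or port
        # The process name is recorded but never trusted: a hooked, legitimate
        # banking application talking to an unknown address is flagged too.
        entry = hits[(host, image.lower(), dest)]
        entry["count"] += 1
        entry["ports"].add(port_no)
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
    return dict(hits)

if __name__ == "__main__":
    for (host, image, dest), info in sorted(find_unexpected_egress(SAMPLE_LOG).items()):
        print(host, image, "->", dest, sorted(info["ports"]),
              "count", info["count"], "first seen", info["first_seen"])
```

Repeated hits to the same destination are collapsed into one finding with a count and first-seen time, which suits the low-and-slow pattern the researchers warn can go unnoticed for months.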