New PRILEX malware: ATM traps tailored to Brazilian banks

Ddos December 20, 2017 2 minutes read

According to foreign media reported on December 17, Trend Micro’s security researchers recently discovered a malicious ATM called PRILEX software designed to target the Brazilian bank’s targeted attacks, theft of ATM user information.

Kaspersky Lab first discovered the PRILEX attack in October of this year, while Trend Micro analyzed PRILEX as having atypical behavior because PRILEX affects only certain brands of ATMs. This atypical behavior shows that malware is Highly targeted attack designed. The discovered ATM malware worked by hooking up some dynamic link libraries (DLLs) and replacing it with its own application screen.

The DLLs targeted by this malicious code are:

P32disp0.dll

P32mmd.dll

P32afd.dll

Once infected with the ATM, the PRILEX malware kills the bank application process and displays a specific false screen to induce the user to provide an account verification code. It is reported that the CAPTCHA was originally provided to the user as part of a two-factor authentication process and the malware would capture and store the CAPTCHA code and the malware PRILEX would attempt to send the credit card data and account verification code back to the C & C server, This is a very rare behavior for ATM malware. So researchers speculate that ATMs at the bank are likely to be networked together and attackers seem familiar with these specific devices.

In addition to the malware PRILEX, Trend Micro researchers also analyzed the recently discovered CUTLET MAKER ATM malware, which is sold for about $ 5,000 on darknets.

The malware CUTLET MAKER empties all of the device’s inventory by intruding into the ATM interface of a particular ATM vendor without having to interact with bank users and their data. However, competitors have managed to crack CUTLET MAKER’s code, allowing anyone to use it for free. The author of CUTLET MAKER so far has not released a new version to solve this problem.

Source: SecurityAffairs