New ATM Malware PRILEX Targets Banks in BRAZIL

No featured articles available

Check back soon for the latest updates and featured content.

Security researchers have discovered a new ATM malware named PRILEX which was seen targeting banks in Brazil

Security researchers have discovered a new ATM malware named PRILEX which was seen targeting banks in Brazil.The malware was first reported by Kaspersky Lab in October 2017, and more detailed analysis was done by researchers at Trend Micro. The malware is written in Visual Basic 6.0 (VB6) and specifically designed to hijack banking application,

Researchers said the malware works by hooking certain dynamic-link libraries (DLLs) and replacing it with its own application screens on top of others.

Below are the external DLLs it affects:

P32disp0.dll

P32mmd.dll

P32afd.dll

Researchers also said that on further analysis they discovered the DLLs belong to the ATM application of bank in Brazil and the malware was discovered affecting only a specific brand of ATM.

Working of PRILEX malware

After infecting the machine, when the banking application asks the user for the security code the malware overlays the screen and captures and stores it.

When the code was analyzed researchers noticed something interesting that after it steals data the malware tries to communicate with a remote command-and-control (C&C) server and upload both credit card data and the account security code.

“To our knowledge, this is the first ATM malware that assumes it is connected to the internet. It is likely that this bank’s ATMs are connected since the attackers seem to be very familiar with this particular bank’s methods and processes

” said in the blog post published by Trend Micro.

Here the attackers aim to steal credit card credentials instead of just jackpotting the ATM. So there is a possibility that the attackers behind

the attack deal with bulk credit card credentials.

“It’s concerning, and something that is worth looking into if you’re trying to defend your ATM infrastructure. Jackpotting attacks are very notorious, but a silent attack like this can go unnoticed for months, if not years. These days, setting monitoring tools and protections in place should be, in our opinion, mandatory” said researchers.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

New ATM Malware PRILEX Targets Banks in BRAZIL

Security researchers have discovered a new ATM malware named PRILEX which was seen targeting banks in Brazil

Share Your Story!

No featured articles available

Security researchers have discovered a new ATM malware named PRILEX which was seen targeting banks in Brazil

Stay Updated with the Latest Cybersecurity News