Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 16:21:25 UTC

Tool: Prilex

Names: Prilex
Category: Malware
Type: ATM malware, POS malware, Credential stealer

Description: (Kaspersky) While researching malware for ATM jackpotting used by a Brazilian group called Prilex, our researchers stumbled upon a modified version of this malware with some additional features that was used to infect point-of-service (POS) terminals and collect card data.

This malware was capable of modifying POS software to allow a third party to capture the data transmitted by a POS to a bank. That’s how the crooks obtained the card data. Basically, when you pay at a local shop whose POS terminal is infected, your card data is transferred right away to the criminals.

However, having the card data is just half the battle; to steal money, they also needed to be able to clone cards, a process made more complicated by the chips and their multiple authentications.

The Prilex group developed a whole infrastructure that lets its “customers” create cloned cards — which in theory shouldn’t be possible.

Information: Malpedia
Last change to this tool card: 17 February 2023

All groups using tool Prilex

Changed | Name | Country | Observed
Unknown groups
_[ Interesting malware not linked to an actor yet ]_

1 group listed (0 APT, 0 other, 1 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=82a835f9-02b1-47fb-b2ec-5b6085226899