Computer Trojan horse steals credit card details from hotel reception software

A remote access Trojan horse (RAT) that targets hotel point-of-sale software is being advertised on underground forums

A remote access computer Trojan (RAT) designed to steal credit card details from hotel point-of-sale (PoS) applications is being sold on the underground forums, researchers from security firm Trusteer said in a blog post on Wednesday.

Trusteer security researchers found an advertisement on a black market forum for a custom RAT designed to infect hotel front desk computers and steal customer credit card and billing information.

The seller was offering the computer Trojan, together with instructions on how to trick hotel front desk managers into installing it on their computers, for US$280. The seller also claimed that the malware won't be detected by any antivirus program when it's delivered to the buyer.

Malware writers often repackage their malicious installers with new algorithms in order to evade signature-based antivirus detection, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender.

The repackaged samples can then be delivered via email or instant messaging without being stopped at the network perimeter. However, if an antivirus product with strong heuristic and behavioral detection capabilities is running on the targeted systems, the malware should be blocked at execution time, Botezatu said via e-mail.

The hotel RAT's seller specified in the ad that the malware doesn't collect card security numbers, also known as CVV or CID, but this doesn't necessarily make the rest of the stolen information less useful to cybercriminals.

Some merchants are allowed to charge cards without the CVV details, especially in the U.S., Botezatu said. However, even if that wasn't the case, the data can still be used to phish the security codes from the card owners themselves or to search for the codes in existing data dumps that resulted from older phishing attacks, he said.

Most remote access computer Trojans have the capability to take screenshots, record keystrokes, download/upload files and execute arbitrary code, which makes them suitable for many types of cybercriminal operations.

The hotel RAT advertisement included screenshots of a particular PoS application, but its functionality might not be restricted to that specific program.

"The strength of RATs is their generic nature -- they can be used to attack many different applications in use by many industries," said Amit Klein, Trusteer's chief technology officer. "We've seen RATs used against internal applications, banking applications, defense industries, etc."

Hotels typically have a limited IT staff or knowledge of malware and they handle a large number of credit cards on a daily basis, which makes them a perfect target, said Yaron Dycian, Trusteer's vice president of products, via email.

The fact that the RAT's creator decided to target the hospitality industry is consistent with a recently observed change in the focus of cybercriminals -- an expansion from online banking attacks to attacks against PoS systems.

"I think the main reason for this shift, or diversification, is the fact that POS machines, and some business machines serve as 'mini repositories' where information about many victims can be collected at once," Klein said via email. "This is in contrast with consumer machines which typically expose one or two accounts."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?