Computer Trojan horse steals credit card details from hotel reception software

A remote access Trojan horse (RAT) that targets hotel point-of-sale software is being advertised on underground forums

A remote access computer Trojan (RAT) designed to steal credit card details from hotel point-of-sale (PoS) applications is being sold on the underground forums, researchers from security firm Trusteer said in a blog post on Wednesday.

Trusteer security researchers found an advertisement on a black market forum for a custom RAT designed to infect hotel front desk computers and steal customer credit card and billing information.

The seller was offering the computer Trojan, together with instructions on how to trick hotel front desk managers into installing it on their computers, for US$280. The seller also claimed that the malware won't be detected by any antivirus program when it's delivered to the buyer.

Malware writers often repackage their malicious installers with new algorithms in order to evade signature-based antivirus detection, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender.

The repackaged samples can then be delivered via email or instant messaging without being stopped at the network perimeter. However, if an antivirus product with strong heuristic and behavioral detection capabilities is running on the targeted systems, the malware should be blocked at execution time, Botezatu said via e-mail.

The hotel RAT's seller specified in the ad that the malware doesn't collect card security numbers, also known as CVV or CID, but this doesn't necessarily make the rest of the stolen information less useful to cybercriminals.

Some merchants are allowed to charge cards without the CVV details, especially in the U.S., Botezatu said. However, even if that wasn't the case, the data can still be used to phish the security codes from the card owners themselves or to search for the codes in existing data dumps that resulted from older phishing attacks, he said.

Most remote access computer Trojans have the capability to take screenshots, record keystrokes, download/upload files and execute arbitrary code, which makes them suitable for many types of cybercriminal operations.

The hotel RAT advertisement included screenshots of a particular PoS application, but its functionality might not be restricted to that specific program.

"The strength of RATs is their generic nature -- they can be used to attack many different applications in use by many industries," said Amit Klein, Trusteer's chief technology officer. "We've seen RATs used against internal applications, banking applications, defense industries, etc."

Hotels typically have a limited IT staff or knowledge of malware and they handle a large number of credit cards on a daily basis, which makes them a perfect target, said Yaron Dycian, Trusteer's vice president of products, via email.

The fact that the RAT's creator decided to target the hospitality industry is consistent with a recently observed change in the focus of cybercriminals -- an expansion from online banking attacks to attacks against PoS systems.

"I think the main reason for this shift, or diversification, is the fact that POS machines, and some business machines serve as 'mini repositories' where information about many victims can be collected at once," Klein said via email. "This is in contrast with consumer machines which typically expose one or two accounts."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?