This malware attack starts with a fake customer-service call

The hackers call hotels, then send email attachments that look like customer information

Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments.

The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks.

On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with coding found in previous Carbanak attacks.

This particular campaign has been preying on the hospitality industry, said Brian Hussey, Trustwave’s global director of incident response. The hackers start by calling a business’s customer service line and pretending to be clients who can’t access the online reservation system.

To spread the malware, the hackers also send an email to the customer service agent with an attached word document purportedly containing their reservation information. In reality, this document is designed to download malware to the computer.

The hackers are very persistent, Hussey said. “They’ll stay on the line with the customer service rep until they open up the attachment,” he said. “They have excellent English.”

The hackers can also be very convincing. They appear to be researching their targets on business networking site LinkedIn and finding out the names of company department heads.  “During the call, they’ll do some name-dropping to establish credibility,” Hussey said.

Once the malware is installed, it can download other malicious tools to tamper with the rest of a business’s network. The goal of the attack is to record credit card numbers from point-of-sale machines or e-commerce payment processes, according to Hussey.

In recent years, retailers, restaurants and hotels all have been hit by similar attacks intended to steal payment card data. The malware in this case is more broad-reaching than most. It includes the ability to snap screenshots from the desktop, steal passwords and email addresses and scan a network for valuable targets.

Most, if not all, antivirus engines have failed to detect the malware used in these hacks, according to Trustwave. 

"We've talked to our law enforcement contacts, and they are seeing the same thing," Hussey said. 

In a blog post, TrustWave outlined the technical details of the malware and other indicators that businesses can use to determine if they’ve been compromised.

“Once this malware finds what it wants, it can steal every single credit card that passes through your servers,” Hussey said. “For a large restaurant chain, that can be a million customers over a period of time.”

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?