Trusteer researchers recently came across new attack code that uses a remote access Trojan (RAT) to steal credit card data from hotels' point-of-sale (PoS) systems. The code is being sold on underground forums for $280, including setup instructions and advice on how to trick front desk managers into installing the Trojan.
"In this particular scenario, a remote access Trojan program is used to infect hotel front desk computers," writes Trusteer's Amit Klein. "It then installs spyware that is able to steal credit card and other customer information by capturing screenshots from the PoS application. The spyware is not detected by anti-virus programs."
"If there's a silver lining to this spyware scare, it's that, for now, the attack module Trusteer detected is unable to siphon hotel guests' credit card verification value (CVV2), the security code, often located on the back of credit cards, used when completing transactions," writes SecurityNewsDaily's Matt Liebowitz.
"Hotels typically have a limited IT staff or knowledge of malware and they handle a large number of credit cards on a daily basis, which makes them a perfect target, said Yaron Dycian, Trusteer's vice president of products, via email," writes PCWorld's Lucian Constantin. "The fact that the RAT's creator decided to target the hospitality industry is consistent with a recently observed change in the focus of cybercriminals -- an expansion from online banking attacks to attacks against PoS systems."