Below is a media alert on Trusteer’s new research that has uncovered attack code being sold in underground forums. The attack uses a remote access Trojan to steal credit card information from a hotel point of sale (POS) application and is not detected by antivirus programs. The purchase price includes instructions on how to set up the Trojan and the sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick desk managers into installing the Trojan.
The attack highlights the shift of cybercriminals from online banking to enterprises.
For more information please see the full media alert below. Let me know if you need further details or are interested in setting up an interview with Amit.
No Reservations – Remote Access Trojan Pilfers Credit Cards from Hotels
Trusteer’s intelligence center researchers recently uncovered attack code being sold in underground forums that uses a remote access Trojan to steal credit card information from a hotel point of sale (PoS) application. This scheme, which is focused on the hospitality industry, illustrates how criminals are using malware on enterprise machines to collect financial information from enterprises instead of targeting end users machines.
In this particular scenario, a remote access Trojan program is used to infect hotel front desk computers. It then installs spyware that is able to steal credit card and other customer information by capturing screenshots from the PoS application. The spyware is not detected by anti-virus programs.
This attack code is being offered for $280. It can steal credit card numbers and expiration dates, but not CVV2 numbers in the sample Trusteer inspected. The purchase price includes instructions on how to set-up the Trojan. The sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick front desk managers into installing the Trojan.
Criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises. One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised. In addition, the prevalence of bring your own device (BYOD) usage by employees makes it easier to infect unmanaged smartphones, tablets and laptops that are used to access sensitive enterprise systems and applications.