Last week, researchers warned that a Trojan discovered for sale on black market websites allows hackers to steal hotel customers’ credit card information straight from the front desk. Security firm Trusteer made the discovery in an advertisement on underground forums. The company said the malware targets hotel check-in software, a sign that attackers are going after more than home computers.
Trusteer says it found the attack code on sale for $280. The code uses a Trojan to steal credit card details from hotel guests via the venue’s check-in machine or point of sale. Anybody who buys the code also gets an information package that includes advice on how to get someone to install the spyware. The Trojan gathers personal and credit card information, in part through several screenshots. The spyware can’t be detected by anti-virus software, which is the most important thing about it.
Trusteer says this is a good example of how attackers are changing their ways and looking beyond the banking industry for sources of revenue. Chief technology officer Amit Klein said on Wednesday that criminals are expanding their focus from online banking to enterprises. One reason is that enterprise devices can yield high-value digital assets when they are compromised. Additionally, the popularity of employees using their own devices makes it easier to infect the unmanaged laptops, tablets and smartphones used to access sensitive enterprise applications and systems. This is because these devices don’t usually have the anti-virus protections and patches that would halt such a Trojan.
Trusteer director of product marketing Oren Kedem said on Thursday that the hospitality industry is a profitable target, as it deals in valuable financial data. Plus, hackers may find hotels to be easy targets because employees are easy to trick into trusting emails, even when those emails invite malware into the network. Hotels regularly communicate with people they don’t know and open emails from them, he added.
Anti-virus vendor BitDefender senior e-threat analyst Bogdan Botezatu says malware writers usually repackage their installers with new algorithms to avoid signature-based anti-virus detection. Repackaged samples can be delivered via instant messages or emails without being stopped at the network’s perimeter. However, the spyware should be stopped when it is executed if the anti-virus product has behavioural and heuristic detection running.
The seller of this particular Trojan specified in its advert that the spyware doesn’t collect the security numbers on credit cards – aka CIDs or CVVs. However, this doesn’t mean that the rest of the information the cyber criminals have stolen will be less useful. Botezatu says some merchants allow transactions to go through without these details, particularly in the US. Additionally, the data can still be used to get the security codes from the card owners themselves through phishing attacks or by searching existing data dumps from older phishing attacks.
The hospitality industry has been hit hard over the last couple of years. For example, high-end Albany, NY hotel The Desmond announced last month that all guests who stayed with them between May 21 last year and March 10 this year may have had their credit card details stolen by hackers. The hotel didn’t detail how the breach happened.