Hotels, Technology|

Trojan Horse Steals Hotel Guests’ Info

Credit Car being Handed Over for PaymentLast week, researchers warned that there has been a trojan discovered on black market websites that allows hackers to steal hotel customers’ credit card information straight from the front-desk. The discovery was made by security firm Trusteer in an advertisement on underground forums. The company said it found that the check-in software is targeting more than home computers.

Trusteer says it found the attack code for sale for $280, which uses a Trojan to steal credit card details from hotel guests via the check-in machine or point of sale for the venue. Anybody that buys the code will also get an information package that includes advice about how to get someone to install the spyware. Through the malware and several screenshots, the Trojan gathers personal and credit card information. The spyware can’t be detected by anti-virus software, which is the most important thing about it.

Trusteer says this is a good example of how attackers are changing their ways and looking at more than just banking industries as sources of revenue. Chief technology officer Amit Klein said on Wednesday that criminals are expanding their focus from online banking to enterprises. One of the reasons for this is that enterprises’ devices can turn out high value digital assets when they are compromised. Additionally, the popularity of employees using their own devices makes it easier for unmanaged laptops, tablets and smartphones used to access sensitive enterprise applications and systems to be infected. This is because these devices don’t usually contain anti-virus protections and patches that would halt such a Trojan.

Trusteer director of product marketing Oren Kedem said on Thursday that the hospitality industry is a profitable target, as it deals in valuable financial data. Plus, hackers may find hotels to be easy targets because employees are easy to trick into trusting emails, even if it invites malware into the network. Hotels communicate with people they don’t know on a regular basis through opening emails, he added.

Anti-virus vendor BitDefender senior e-threat analyst Bogdan Botezatu says malware writers usually repackage their installers with new algorithms to avoid signature-based anti-virus detection. Repackaged samples can be delivered via instant messages or emails without being stopped at the network’s perimeter. However, the spyware should be stopped when it’s executed if an anti-virus product is running behavioural and heuristic detection capabilities.

The seller of this particular Trojan specified in its advert that the spyware doesn’t collect the security numbers on credit cards – aka CIDs or CVVs. However, this doesn’t mean that the rest of the information the cyber criminals have stolen will be less useful. Botezatu says some merchants allow transactions to go through without these details, particularly in the US. Additionally, the data can still be used to get the security codes from the card owners themselves through phishing attacks or by searching existing data dumps from older phishing attacks.

The hospitality industry has been attacked hard over the last couple years. For example, high-end Albany, NY hotel The Desmond announced last month that all guests who stayed with them between May 21 last year and March 10 this year may have had their credit card details stolen by hackers. The hotel didn’t detail how the breach happened.




  • Share this post:
  • Facebook
  • Twitter
  • Delicious
  • Digg
In the Press
  • The Sunday Post Martin Lewis of Early booking using comparison sites including can slash up to 70%
  • The Daily Mail For the best deals, use price comparison websites such as
  • The Daily Telegraph Check out car hire comparison sites such as to see the prices on offer at dozens of car hire companies.

Cookies on

Copyright 2003 ASAP Ventures Ltd

All rights reserved

Registered in England and Wales

Company number 4278063

Registered office address

1 The Square, Lightwater, Surrey, GU18 5SS