Everyone has heard of the credit card skimmer devices that an
unscrupulous individual, posing as, say, a waiter, may use to collect
credit card information from an unsuspecting patron. This remote access
Trojan, or RAT, takes that idea one step further. It seems someone is
selling a program to install on a hotel's point of sale (POS) system
to steal credit card numbers by taking screenshots of the check-in
terminal's screen showing the credit card and user details.
A remote access Trojan is being sold on underground forums to anyone
willing to pay $280 (212 EUR) for it. For that price, the proud owner
ends up with a malicious program that’s designed to steal credit card
details from point of sale (POS) applications found in hotels.
Researchers found that the seller offers detailed instructions
on how the Trojan works and how it can be installed. He even provides
tips on how to social engineer the hotel employees in charge of the
front desk to convince them to install it on the target computer.
Once the malicious software is installed, it steals credit card numbers
and expiration dates by taking screenshots of the POS application.
The worst part about this spyware is that it’s not detected by
antivirus software, which means that it can perform its evil duties
without being identified easily. This doesn't mean it won't be
detected tomorrow. Antivirus software vendors update the virus
signatures for their products, sometimes multiple times a day. So
eventually this spyware will be caught, as long as someone at the
hotel decides to actually run a scan for it.
Here’s how the seller advertises his merchandise:
Hello all, I’m offering Hotel RATs. In other words: A virtual skimmer.
Benefits of a Hotel (Remote Access Trojan Connection) is an infected
front desk computers on which the hotel has its software that reads the
number on the cc and spits out the information on the screen and it’s
keyloggable if you keylog every stroke.
I’m offering this method for $280, guaranteed US/Canada/UK connections
and a method on how to obtain them on your own. From showing you how to
set up your RAT (which includes a free crypt – fully undetectable to all
Antiviruses) along with selling you the tutorial on how to Social
Engineer/Manipulate the front desk manager on the phone via VoIP.
I can prove my legitimacy and the accuracy of this method. PM me if you
Unfortunately, this proves that when it comes to your credit card, you
cannot trust anyone. That is why credit card holders are advised to
follow best security practices and always keep a close eye on their
financial assets and current purchases. Check your credit card
purchases on a regular basis to make sure no fraudulent activity has
Luckily, it seems the software does have one bug: it isn't designed to
grab the CVV2 number, the 3-digit security code on the back of a