PC Hell: Remote Access Trojan May Infect Hotel POS Systems

Everyone has heard of the credit card skimmer devices that an unscrupulous individual, posing as say a waiter, may use to collect credit card information from an unsuspecting patron. This remote access trojan or RAT takes that idea one step further. It seems someone is selling a program to install into a hotels point of sale (POS) system to steal credit card numbers by taking screenshots of the check in terminals screen with the credit card and user details.

A remote access Trojan is being sold on underground forums to anyone willing to pay $280 (212 EUR) for it. For that price, the proud owner ends up with a malicious program that’s designed to steal credit card details from point of sale (POS) applications found in hotels.

Trojan that takes screenshots of Hotel POS Screens

Trusteer researchers found that the seller offers detailed instructions on how the Trojan works and how it can be installed. He even provides tips on how to social engineer the hotel employees in charge of the front desk to convince them to install it on the target computer.

Once the malicious software is installed, it steals credit card numbers and expiration dates by making screenshots of the POS application.

The worst part about this spyware is that it’s not detected by antivirus software, which means that it can perform its evil duties without being identified easily. Now this doesn't mean it may not be detected tomorrow. Antivirus software vendors update the virus signatures for their products sometimes multiple times a day. So, eventually this spyware will be caught, just as long as someone at the hotel decides to actually run a scan for it.

Here’s how the seller advertises his merchandise:

Hello all, I’m offering Hotel RATs. In other words: A virtual skimmer.

Benefits of a Hotel (Remote Access Trojan Connection) is an infected front desk computers on which the hotel has its software that reads the number on the cc and spits out the information on the screen and it’s keyloggable if you keylog every stroke.

I’m offering this method for $280, guaranteed US/Canada/UK connections and a method on how to obtain them on your own. From showing you how to setup your RAT (which includes a free crypt – fully undetectable to all Antiviruses) along with selling you the tutorial on how to Social Engineer/Manipulate the front desk manager on the phone via VoIP.

I can prove my legitimacy and the accuracy of this method. PM me if you are interested.

Unfortunately, this proves that when it comes to your credit card, you cannot trust anyone. That is why credit card holders are advised to follow best security practices and always keep a close eye on their financial assets and current purchases. Check your credit card purchases on a regular basis to make sure no fraudulent activity has happened.

Note: luckily it seems the software does have one bug, it isnt designed to grab the CVV2 number though, the 3 digit security code on the back of a card.

Search PCHell.com
site search by freefind	advanced

Remote Access Trojan Invades Hotel POS Systems

Links to Other Important Information