Trojan hits hotel payment apps

Powered by SC Magazine
 

Criminal underground peddles sub-$300 spyware installer.

Security researchers have discovered a trojan being sold on black market websites as a way to steal customer credit card information from hotels.

According to security firm Trusteer, the remote access trojan was being peddled in underground forums for $US280 ($A270).

The malware targets hotels' front-desk computers. Once installed, it downloads spyware that captures screenshots from point-of-sale (PoS) applications to sniff out credit card numbers and expiration dates.

Trojan sellers have also included guidance on how to use social engineering to trick front-desk clerks into installing the trojan.

Oren Kedem, director of product marketing at Trusteer, said the hospitality industry was a lucrative target because it dealt in valuable financial data.

Fraudsters may also find hotels soft targets because employees regularly received emails from unknown people, and could be tricked into opening malware-laden messages, he said.

"Hotels communicate with the public," he said. "If you're a hotel you open emails and communicate with people you don't know on a regular basis."

Kedem added that hotel employees often used unmanaged mobile devices that may not contain patches and anti-virus protections to stop new trojans.

Verizon Business' Data Breach Investigation Report has highlighted the hospitality and retail sector as a prime target of data thieves in recent years.

The report this year included data from the Australian Federal Police and highlighted an increase in automated attacks against PoS systems of small hospitality and retail businesses.

Copyright © SC Magazine, US edition


Trojan hits hotel payment apps
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 872

Vote