Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in

Trojan sneaks into hotel, slurps guests' credit card data

No reservation required

John Leyden Thu 19 Apr 2012 // 07:27 UTC

Cyberooks are selling malware through underground forums which they claim offers the ability to steal credit card information from a hotel point of sale (POS) applications.

The ruse, detected by transaction security firm Trusteer, shows how criminals are using malware on enterprise machines to collect financial information in addition to targeting consumer PCs with banking Trojans and other nasties.

The hospitality industry attack involves using a remote access Trojan program to infect hotel front desk computers. The malware includes spyware components that steal credit card and other customer information by capturing screenshots from the PoS application. The malware is capable of stealing credit card numbers and expiration dates, but not CVV2 numbers in the sample Trusteer inspected.

The attack code is being offered for $280 in Visa underground forums. According to Trusteer, the price tag includes a guide configuring the malware and tips on how to trick front-desk managers into installing it.

The security biz added that at the time of publishing its blog on Wednesday, the malware had not yet been detected by any anti-virus application. More details on the malware – including a screenshot from the underground forum where it was offered for sale – can be found here.

Last week Trusteer warned about a ZeuS-based Trojan that targeted cloud-based payroll service providers. The transactions security firm reckon the hospitality industry malware it found on an underground forum is part of the same trend, involving the diversification of Trojan-based attacks away from traditional targets such as consumers and small business bank customers.

“Criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises,” said Trusteer’s CTO Amit Klein. “One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised. In addition, the prevalence of bring your own device (BYOD) usage by employees makes it easier to infect unmanaged smartphones, tablets and laptops that are used to access sensitive enterprise systems and applications.” ®

22 Comments

Similar topics

Broader topics

Narrower topics

Other stories you might like

  • SpaceX launches first totally private mission to the International Space Station
    Saturday rendezvous planned for historic commercial orbit ride
    Katyanna Quach Fri 8 Apr 2022 // 23:12 UTC

    A retired NASA astronaut and three space tourists are right now tucked inside a SpaceX Dragon capsule above Earth for the first-ever purely commercial mission to the International Space Station.

    Flames billowed from the sky as the four-person crew were carried into space by a Falcon 9 rocket lifting off from NASA's Kennedy Space Center in Florida on April 8 at 1117 ET (1517 UTC). They are expected to arrive at their destination on Saturday at 1054 ET (1454 UTC) if all goes to plan.

    Michael Lopéz-Alegría, vice president of business development at Axiom Space and a former NASA astronaut, is flying on the first private flight. He is accompanied by Larry Connor, an American real estate magnate; Eytan Stibbe, an Israeli businessman and former fighter pilot; and Mark Pathy, Canadian CEO of investment firm Maverick.

    Continue reading
  • Google to sell replacement Pixel phone parts via iFixit
    Batteries, displays, cameras and more, apparently
    Brandon Vigliarolo Fri 8 Apr 2022 // 22:12 UTC

    In a nod to right-to-repair efforts, Google is partnering with iFixit to offer spare parts for its Pixel smartphones dating all the way back to 2017.

    Genuine Pixel parts will be in stock for iFixit customers in the US, UK, Canada, Australia, and EU countries that sell Pixels "later this year." Parts will be available for devices as old as the Pixel 2 through 2021's Pixel 6 Pro, "as well as future Pixel models," Google said today. 

    Available parts include "everything you need for the most common Google Pixel Repairs – batteries, displays, cameras and more," iFixit said. The repair howto site will be selling parts individually, and as part of its Fix Kits that include necessary pieces and tools needed to perform specific repair processes. 

    Continue reading
  • Apple iOS privacy clampdown 'did little' to reduce tracking
    Double-standard rules have strengthened iGiant's gatekeeper power
    Thomas Claburn in San Francisco Fri 8 Apr 2022 // 21:06 UTC

    Apple's ramp up in iOS privacy measures has affected small data brokers, yet apps can still collect group-oriented data and identify users via device fingerprinting, according to a study out of Oxford.

    What's more, the researchers claim, Apple itself engages in and allows some forms of tracking, which serve to strengthen its control over the iOS market.

    In a paper titled, "Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels," due to be published in June for the ACM Conference on Fairness, Accountability, and Transparency 2022, Oxford academics Konrad Kollnig, Max Van Kleek, Reuben Binns, and Nigel Shadbolt, with independent US-based researcher Anastasia Shuba, describe what they found after analyzing 1,759 iOS apps from the UK App Store, both before and after the introduction of iOS 14.

    Continue reading
  • Microsoft dogs Strontium domains to stop attacks on Ukraine
    Software giant sinkholes systems used by Russian gang
    Jeff Burt Fri 8 Apr 2022 // 20:29 UTC

    Microsoft this week seized seven internet domains run by Russia-linked threat group Strontium, which was using the infrastructure to target Ukrainian institutions as well as think tanks in the US and EU, apparently to support Russian's invasion of its neighbor.

    The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium – aka APT28 and FancyBear, among other names – via an expedited court process that enables the company to quickly get judicial approval for such actions, according to Tom Burt, corporate vice president of customer security and trust at Microsoft.

    Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency. Microsoft obtained a court order for the most recent operation on April 6 and acted immediately.

    Continue reading
  • Newly released Space Force data could save life on Earth
    Goodness, gracious, lots of insights on great balls of fire
    Brandon Vigliarolo Fri 8 Apr 2022 // 20:04 UTC

    The US Space Force is publicly releasing nearly 30 years of data on fireball meteors in the hopes it can improve the detection and impact prediction of near-Earth objects (NEOs).

    The data contains information on bolides, classified as any meteor that has enough mass to become a fireball but not enough to cause a ground impact, several dozen of which happen each year.

    Data from NASA on bolides is publicly available, but the Space Force is adding light curve data to the mix, which the agency said has been greatly sought by the scientific community.

    Continue reading
  • Direct lithium extraction technique for greener batteries gains traction
    Special method for production gets cash injection from govt, vendors
    Dan Robinson Fri 8 Apr 2022 // 15:38 UTC

    New techniques for producing lithium could play a vital part in making batteries for applications ranging from smartphones to electric vehicles that are more environmentally friendly than current methods of extraction.

    According to a Reuters report, car makers, mining companies and investors including the US Energy Department are pouring money into direct lithium extraction (DLE) technologies that hold out the promise of boosting global lithium production, which is mostly sourced from just a handful of countries today.

    There are a number of DLE technologies which all revolve around extracting the metal from brine in various ways, such as using filters, membranes, or ceramic beads. These are touted as more sustainable solutions than existing ways of obtaining lithium, such as pumping lithium-containing saltwater from underground lakes to the surface in desert areas of Chile or Argentina, and extracting it through evaporation in large basins.

    Continue reading

Biting the hand that feeds IT © 1998–2022

Your Consent Options Cookies Privacy Ts&Cs