A remote access Trojan is being sold on underground forums to anyone willing to pay $280 (212 EUR) for it. For that price, the proud owner ends up with a malicious program that’s designed to steal credit card details from point of sale (POS) applications found in hotels.
Trusteer researchers found that the seller offers detailed instructions on how the Trojan works and how it can be installed. He even provides tips on how to social engineer the hotel employees in charge of the front desk to convince them to install it on the target computer.
Once the malicious element is installed, it steals credit card numbers and expiration dates by making screenshots of the POS application.
The worrying part about this spyware is that it’s not detected by antivirus software, which means that it can perform its malevolent duties without being identified easily.
Here’s how the seller advertises his merchandise:
Hello all, I’m offering Hotel RATs. In other words: A virtual skimmer.
Benefits of a Hotel (Remote Access Trojan Connection) is an infected front desk computers on which the hotel has its software that reads the number on the cc and spits out the information on the screen and it’s keyloggable if you keylog every stroke.
I’m offering this method for $280, guaranteed US/Canada/UK connections and a method on how to obtain them on your own. From showing you how to setup your RAT (which includes a free crypt – fully undetectable to all Antiviruses) along with selling you the tutorial on how to Social Engineer/Manipulate the front desk manager on the phone via VoIP.
I can prove my legitimacy and the accuracy of this method. PM me if you are interested.
Unfortunately, this proves that when it comes to your credit card, you cannot trust anyone. That is why credit card holders are advised to follow best security practices and always keep a close eye on their financial assets.