CRIMINALS ARE EXPLOITING hotel point of sale applications to siphon off travellers' credit card details.
Security firm Trusteer said it had found a pretty good trade in the technology in underground forums, adding that the check-in software represents a different target from home user computers.
The firm said that it had found the attack code for sale for around £200 in underground forums. The code uses a Trojan to take credit card information from guests via the hotel point of sale or check-in machine. Anyone that buys it will be given a package of information, including advice on how to get someone to install the spyware on the machine.
The Trojan uses spyware and a series of screengrabs to gather up personal and credit card information. Importantly, the spyware is not detected by anti-virus software.
According to Trusteer this is a good example of the way that attackers are changing their methods and looking at industries other than banking as sources of revenue.
"Criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises," said Trusteer's CTO Amit Klein.
"One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised. In addition, the prevalence of bring your own device (BYOD) usage by employees makes it easier to infect unmanaged smartphones, tablets and laptops that are used to access sensitive enterprise systems and applications." µ