Hotels and colleges targeted by credit card thieves

Malware authors aim to pick off less tech-savvy targets in credit card sting

Security researchers are warning of a sharp rise in the infection rates of a Trojan designed to steal credit card details from targeted colleges and hotels.

The Troj/Trackr-Gen malware has been designed to scour Windows-based PCs looking for inadequately secured credit card details. Over the past week, security firm Sophos has detected a spike in the number of infections within the hospitality industry and education sector.

The PCI DSS data security standards have increased awareness over the need to encrypt any credit card details that are stored by organisations. But while many large enterprises may have made the changes, this has encouraged the crooks to seek other targets.

“It appears those behind it are trying to target organisations where the security may not be so tight,” said Graham Cluley, senior technology consultant at Sophos.

The malware scours infected computers for details such as the name of the credit card owner, account number, expiry date and CVV codes.

What makes it unusual, said Cluley, is that the malware does not contain instruction sets that would enable it to communicate any data it is able to pilfer beyond the host PC.

“We believe that means the authors will have hacked the machines in some other way to allow them to collect the information, or that they have people working in these organisations that may be able to harvest the stolen data,” he added.

The Troj/Trackr-Gen malware was first detected two years ago. The new variant being detected at colleges and hotels began showing up in the past week.