Spyware found on hotel check-in computer, guest information screenshotted and leaked online
At least three
PCTattletale leaks victims' screen recordings to entire Internet - Eric Daigle
https://www.ericdaigle.ca/pctattletale-leaking-screen-captures/
Spyware found on US hotel check-in computers | TechCrunch
https://techcrunch.com/2024/05/22/spyware-found-on-hotel-check-in-computers/
The spyware found in the check-in system of Wyndham Destinations hotels is called 'pcTattletale'. It has also been revealed that pcTattletale was continuously taking screenshots of the reservation system, which contained the customer information of guests. In addition, because pcTattletale had a security flaw, the screenshots were available to anyone on the Internet, not just the attacker.
This is the latest case of pcTattletale's own security flaws resulting in the unintentional leaking of confidential information. pcTattletale has previously leaked screenshots taken on devices where it was installed . TechCrunch noted that 'modern spyware has a history of leaking confidential information of device owners without their knowledge due to security bugs or misconfigurations.'
pcTattletale is a spyware that allows users to remotely view data on the Android or Windows device on which it is installed, from anywhere in the world. The developers of pcTattletale explain that 'pcTattletale runs invisibly in the background of the workstation, making it impossible for users to detect.'
However, a security bug in pcTattletale allows anyone who understands how the bug works to download screenshots taken by pcTattletale directly from the pcTattletale server.
Security researcher Eric Daigle discovered that pcTattletale had been installed on the Wyndham Destinations hotel check-in system. He tried to warn pcTattletale about the problem, but the developer did not respond, and the bug remains unfixed at the time of writing.
Daigle pointed out the existence of a bug in pcTatttale on his blog, but the details of the bug were not disclosed at the time of writing because the developers of pcTatttale have not fixed the bug. This is a measure to prevent malicious actors from exploiting the bug.
Daigle said pcTattletale takes screenshots of the device the app is running on periodically, or every few seconds.
TechCrunch received a leaked screenshot from pcTattletale's server from Daigle, which was a page on the SABRE web portal that displays the guest's name and reservation details. The page also appears to display a portion of the credit card number used by the guest to pay. Daigle also provided TechCrunch with a screenshot of the logged-in state of the management portal of the hotel reservation site Booking.com .
It is unclear who planted pcTattletale in the Wyndham Destinations check-in system, or how they installed it. TechCrunch suggests that two possibilities are at play: 'a hotel employee may have been tricked into installing the spyware' or 'the hotel owner may have installed it to monitor the behavior of employees.'
One of the hotel managers who had pcTattletale installed told TechCrunch that he had no idea that pcTattletale was installed on the system. Rob Myers, a spokesman for Wyndham Destinations, said only that 'Wyndham Destinations is a franchise organization and all hotels in the United States are independently owned and operated.'
Booking.com spokesperson Angela Cavies said, 'Unfortunately, some of our accommodation partners have been the target of highly convincing and sophisticated phishing tactics, enticing users to click links or download attachments outside of our systems, installing malware on their devices, and in some cases leading to unauthorized access to Booking.com accounts. These bad actors impersonate our partners and Booking.com in very convincing ways, demanding payment from customers in violation of our reservation confirmation policies.' The company acknowledged that hotels using Booking.com have been the target of cyber attacks . However, it is unclear whether pcTattletale is related to this attack, and Booking.com is also investigating.
Related Posts:
in Security, Posted by logu_ii