Date: 2022-05-18

Years ago, readers for electronic national ID cards (DNIs) and other identification cards had their moment of glory. Today they are mostly used by people in administrative roles or in jobs tied to the government and the military, and it is rare to find this type of device at home. In the United States, millions of people work in the government and use them daily, although many of them must purchase readers on their own, especially for remote work.

The problem comes when the reader or device is not an approved or trusted one, since unpleasant surprises can follow. One of Amazon’s best-selling and most-rated ID card readers could cost us dearly, since malware has been detected in its drivers.

A purchase that could have gone very wrong

These readers can read all types of identification cards, which are essential in many settings for accessing physical places or even government computer systems. However, as Brian Krebs, author of KrebsOnSecurity, found out, the drivers compatible with a fairly popular card reader on Amazon contain the malware known as ‘Ramnit’.





The card reader is made by Saicoo, and an anonymous user notified Krebs about the threat this device could pose to our computers. When he connected the reader to his Windows 10 PC, the system warned him about a problem with the device drivers, recommending that he visit the manufacturer’s website to download the latest drivers.

After obtaining the drivers in a ZIP file, the user uploaded the file to VirusTotal as a precaution, to find out whether everything was in order. Far from it. Many of the files in the ZIP contained a Trojan known as ‘Ramnit’. It has been around for more than a decade, but it has kept evolving, and it is still being used in dangerous information theft attacks.

Downloading drivers externally can be a risky sport



Saicoo’s response to the user. Image: KrebsOnSecurity

After learning of the risk, this user contacted the manufacturer via e-mail, but Saicoo’s answer didn’t help him at all. The manufacturer denied the existence of this malware, alleging that it was not necessary to install additional drivers, and that the problem was probably caused by the defense system of the user’s own computer.

VirusTotal detected up to 43 corrupt files. As Will Dormann, analyst at CERT/CC, was able to verify, most of the infected files were HTML, proof that the manufacturer’s website was hacked at some point and that they probably didn’t realize it. Dormann added that searching for drivers today can be “very dangerous,” especially when dealing with an unreliable manufacturer.

The fact that this malware is found in the drivers of a card reader is a serious security risk, since, as mentioned before, the vast majority of people who use these readers are affiliated with the government or the military. As noted in the Krebs blog, in the case of the United States there is a list of manufacturers of PACS components (Physical Access Control System Components) approved by the government. Saicoo is not on the list, but perhaps it would have been of great help to the user to have had this list more accessible when purchasing their card reader.