Researchers have developed prototype malware that could gain access to smart card readers.
Much like the Sykipot Trojan that hijacked the US Department of Defence, this new method of attack could potentially not only access restricted resources but also go one step further and use a bank or ID card as if the attacker had it in their possession. The attack on the US Department of Defence used a smart card proxy attack that targeted specific computers running ActivClient software. The new malware could obtain remote access to USB smart card readers if they were linked to a compromised PC.
The good thing is that nearly all smart card readers come with a two-factor authentication feature. The bad thing is that this malware comes with a key-logging component. If the password details had been entered into a PC linked to an infected smart card reader, the logging component would be able to steal this data.
Tracing this type of attack would be possible if the drivers used to create the malware were not digitally signed. The attack would, however, be difficult to detect if stolen digital certificates had been used, or if another piece of malware that disables the driver signing policy was used in conjunction.