Travellers are being warned about an evil new form of malware that is targeting people who use free wifi at hotels around the world.
The notorious DarkHotel hacking group, which has been targeting the IT systems of hotels for years, is back with a new campaign that targets free wifi connections in hotels across the globe.
The attack starts with the hackers gaining access to the hotel wifi network. From there they launch a series of carefully targeted phishing and social engineering attacks on hotel guests.
The attack begins, like many others, with an email arriving in the inbox of the target.
However, rather than being sent out in bulk, the target is carefully selected with information obtained from the hotel’s reservation list.
The email, which contains the malware, dubbed Inexsmar, is disguised as coming from the hotel where the victim is staying, which helps to make the malicious email seem genuine.
The email includes an attachment named winword.exe that, once downloaded, starts to install a Trojan on the victim’s device.
However, in order to avoid detection, the Trojan is downloaded in stages. Experts say that hackers are using this new multi-stage approach as users become more tech savvy and knowledgeable about cyber security threats.
Researchers from Bitdefender, who discovered the malware, say they are unsure why the attack has suddenly been launched and what the hackers plan to do with the data they steal.
Speaking to ZDNet, Bogdan Botezatu from Bitdefender said: “The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time.”
“This approach serves their purpose much better as it both assures the malware stays up to date via system persistence — not achievable directly using an exploit, and giving the attacker more flexibility in malware distribution,” wrote malware researchers Cristina Vatamanu, Alexandru Rusu, and Alexandru Maximciuc.
While the DarkHotel group appears to be targeting luxury hotels around the world, its intentions remain unclear. Researchers suspect the group has links to cyber espionage.