Just because your hotel offers complimentary Wi-Fi, it doesn’t mean you have to take it. Hackers may be lurking, looking to compromise your computer, especially if you’re a high priority target staying at luxury hotels around the globe.
The DarkHotel hacker group has been active for more than 10 years, ZDNet explains, and they’re back with a new malware threat.
The hackers apparently target cherry-picked guests, including political targets, but also CEOs and high-ranking corporate officials.
The attack is conducted in stages. The Wi-Fi network is compromised at first, either by exploiting vulnerabilities in server software, or by getting physical access to a hotel’s infrastructure.
Once that’s done, the hackers use a series of phishing and social engineering tricks to infect targeted computers.
The new malware is known as Inexsmar, and the attack begins just like plenty of other phishing schemes: an email. However, the email is individually designed to be interesting and convincing to the target. So this isn’t your regular bulk phishing attack.
“The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time,” senior e-threat analyst at Bitdefender Bogdan Botezatu told ZDNet.
The email comes with a self-extracting archive page that begins the Trojan download. The malware payload isn’t delivered all at once, as the malware downloads it in steps, to avoid detection from the victim. A Word file may be opened on the computer to trick the user from looking at what else is happening on computer.
The multi-stage Trojan is an evolutionary step, researchers say, as it helps hackers avoid detection.
The DarkHotel group has been covering its tracks so well that researchers have no idea who they are or what their intentions might truly be. Given the complexity of the attacks, the researchers can’t ignore the possibility of this being a state-sponsored hack.
What are the hackers after? That’s a question the Bitdefender researchers can’t answer.