Corporate executives traveling in Asia may need to be extra cautions the next time they connect to a hotel’s Wi-Fi network — that is, if they haven’t already been hacked.A seven-year-old cyber espionage campaign has targeted senior level executives from large global companies by using a specialized Advanced Persistent Threat (APT), zero-day exploits, and well-developed keyloggers to extract information from them when they stay in luxury hotels during their business trips.
Over the last four years, malicious hackers have been stealing data from company executives while they stay in luxury hotels in an attack known as “Darkhotel,” security research firm Kaspersky Lab revealed on Monday. The hackers gain access to executives’ computers when they connect to a hotel’s wireless Internet, the report said, though no specific hotels are named.
When the target executives connect their devices to the hotel’s Wi-Fi or wired Internet access, they are shown bogus software updates, typically something that looks legitimate, for Adobe Flash, Google Toolbar, or Windows Messenger. But these updates also contain a type of malware called a Trojan dropper bundled with more malware.
[The hackers] wait until, after check-in, the victim connects to the hotel Wi-Fi network, submitting his room number and surname at the log-in. The attackers see him in the compromised network and trick him into downloading and installing a backdoor that pretends to be an update for legitimate software – Google Toolbar, Adobe Flash or Windows Messenger. The unsuspecting executive downloads this hotel “welcome package,” only to infect his machine with a backdoor, Darkhotel’s spying software,Kaspersky labs explains.
“The mix of both targeted and indiscriminate attacks is becoming more and more common in the [Advanced Packaging Tool] scene,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab. “Targeted attacks are used to compromise high-profile victims and botnet-style operations are used for mass surveillance or performing other tasks such as [distributed denial-of-service attacking] hostile parties or simply upgrading interesting victims to more sophisticated espionage tools.”
The DarkHotel malware operating group have also recently stolen third-party certificates to sign their malware.
In order to protect your device, the easiest way for you is to avoid connecting to hotel Wi-Fi networks or to any other public or untrusted networks, and instead, use your mobile device hotspot to get access to the Internet.