Malicious hackers have been using hotel Wi-Fi connections to infiltrate computers belonging to high-level executives traveling on business according to a new warning from security research firm Kaspersky Lab.
When a target checks into a hotel, the attacker waits until they log onto the hotel Wi-Fi using their room number and surname to authenticate. Once the attacker sees them in the compromised network, they trick the target into installing a backdoor – often disguised as a legitimate software update for programs like Adobe Flash, Google Toolbar or Windows Messenger.
Once on a system, the backdoor can be used to download more advanced stealing tools such as a digitally-signed advanced keylogger, the Trojan ‘Karba’ and an information-stealing module. These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords and other private data.
After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding according to Kaspersky.
Dubbed “Darkhotel,” the practice has been going on for at least the last four years. No specific hotels were mentioned in the report although Kaspersky claims most of the security breaches have taken place in China, Japan, Russia, South Korea and Taiwan. Top executives from Asia and the US are among the most recent targets, we’re told.
Kaspersky warns travelers that any network, even a semi-private one like in a hotel, should be treated as potentially dangerous. Travelers are advised to use a VPN when accessing public or semi-public networks, regard software updates as suspicious and have the latest proactive protection in place.