A sophisticated malware campaign known as DarkHotel is using Wi-Fi networks at luxury hotels across the globe to track and attack executives at major companies. DarkHotel has existed since 2007 and continues to use hotel and business-center Wi-Fi networks today to give the attackers precise, global-scale access to “high value targets.”
Executives from the private equity, pharmaceutical and electronics manufacturing industries, and figures from law enforcement, military services and non-government organizations are among those who have been compromised by the campaign.
Kaspersky Lab was first to identify the threat and has seen infections in a wide range of countries; however, 90% of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea. The targets? Top executives from the US and Asia who are doing business and investment in the APAC region.
Kaspersky Lab says that overall, since 2008, the infection count numbers in the thousands, and that is only set to grow. DarkHotel works when a victim connects to a hotel Wi-Fi network and downloads a piece of malware posing as an update to a major piece of software, such as Google Toolbar, Adobe Flash or Windows Messenger.
Once installed, the malware can steal sensitive information from the victim’s laptop. It can also be updated remotely, allowing the criminals behind it to install even more advanced tools such as keyloggers that can steal passwords and login credentials.
Is there any way around this? Yes: don’t use the network. Instead, equip travelers with cellular modems (hotspots) that let the device connect directly to the Internet, without going through the hotel portal or the (usually) unencrypted hotel Wi-Fi network.
Anything else? Yes, be sure to lock up your computer. If you leave your hotel room, you must put your computer in the safe or take it with you. Do not leave it in your room, as hotel workers who have access to your room have been known to gain physical access to your laptop and install malware. Why steal anything and raise red flags when they can just gain access to your computer remotely and take what they need when they need it?