Next time you’re in a hotel which boasts free access to its Wi-Fi network, you should probably stop and think twice.
Hackers may be lurking, looking to compromise your computer, especially if you’re a high-priority target staying at luxury hotels around the globe.
According to the report, the DarkHotel hacker group has been active for more than 10 years, and it is back with a new malware threat.
However, the hackers appear to select their targets meticulously. Those targets seem to include not only political figures but also other individuals who hold high-ranking positions in companies.
This suggests the attacks are designed specifically for people from whom the group wishes to obtain information, rather than for harvesting ordinary people’s bank information. However, just because this specific hacker group is not going to use its tactics against you doesn’t mean that copycats won’t use the same method to obtain bank information from you in the future; think twice before joining your hotel’s Wi-Fi network.
The attack is conducted in stages. The Wi-Fi network is compromised first, either by exploiting vulnerabilities in server software or by gaining physical access to a hotel’s infrastructure.
Once that’s done, the hackers use a series of phishing and social engineering tricks to infect targeted computers.
This new malware is known as Inexsmar, and is reported to begin in a similar way to regular phishing schemes: with an email. However, these isolated attacks are not “your regular bulk phishing attack”. Each attack is designed for one individual target, which undoubtedly makes the emails more appealing and convincing to open.
“The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time,” senior e-threat analyst at Bitdefender Bogdan Botezatu told ZDNet.
The email comes with a self-extracting archive package that begins the Trojan download. The malware payload isn’t delivered all at once; the malware downloads it in steps to avoid detection by the victim. A Word file may be opened on the computer to distract the user from what else is happening on the computer.
“The multi-stage Trojan is an evolutionary step,” researchers say, because unlike other common Trojan viruses, it helps avoid detection by the victim.
Until now, the DarkHotel group has reportedly been keeping a tight cover on its own identity and intentions.
Given the complexity of the attacks, the researchers can’t ignore the possibility of this being a state-sponsored hack.