Brits going on their summer holidays have been warned that an evil new malware is targeting those who use free Wi-Fi at hotels across the globe.
The DarkHotel group have been carrying out cyber crimes for over a decade, targeting travellers worldwide with malware attacks.
But now they’re back with a new threat that compromises free Wi-Fi hotspots at hotels.
The attack begins with a Wi-Fi network being compromised, either by exploiting server vulnerabilities or by gaining access to the hotel’s infrastructure.
Hackers then begin a series of phishing and social engineering tricks that infect targeted computers.
The malware, dubbed Inexsmar, begins like many others of its kind with an e-mail that arrives in the victims’ inbox.
However, these messages are individually designed to convince the target of their authenticity.
So, unlike bulk phishing scams, it’s tailor-made for the target.
Speaking to ZDNet, senior e-threat analyst at Bitdefender Bogdan Botezatu said: “The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time.”
The e-mail also comes with a self-extracting archive package called winword.exe that starts off the Trojan download.
But the malware is not all delivered at once – it is instead downloaded in steps to avoid detection by the victim.
Experts have said this multi-stage Trojan download is an evolution of malware as people become more tech-savvy and aware of how to protect themselves.
Malware researchers Cristina Vatamanu, Alexandru Rusu, and Alexandru Maximciuc said: “This approach serves their purpose much better as it both assures the malware stays up to date via system persistence — not achievable directly using an exploit, and giving the attacker more flexibility in malware distribution.”
The hackers are targeting luxury hotels around the world, but their intended victims are unclear.
The specialised nature of the phishing scam points towards government and political targets, but researchers are not entirely clear on this.
Neither are they clear about the reason behind the scam and what the cybercriminals are planning to do with the stolen data.
The warning comes after Android users have been alerted over a slew of malware threats.
Over the weekend, users of smartphones that use the leading Google mobile OS were warned about malware that can steal credit card and online banking details.
BankBot can bring up fake credit card entry and internet banking login screens to steal users’ sensitive data.
At first BankBot was just targeting users in Turkey, but now cybercriminals are targeting innocent people in the UK and US.
The malware infects an Android device and then gains administrative privileges before removing the icon of the app that infected it.
It tricks users into thinking the app that infected their device has been deleted, but in actual fact it is still working in the background.
BankBot is capable of spying on any SMS sent, and can also collect sensitive credit and debit card information.
Security experts have previously said BankBot has compromised over 400 apps found on the Google Play Store.