HCM CITY (Biz Hub) — The Darkhotel virus that has stolen sensitive data from high-profile individuals while they stayed in luxury hotels remains active, according to Kaspersky Lab.
The Darkhotel actor maintains an effective intrusion set on hotel networks, providing ample access, even to systems that were believed to be private and secure.
The attackers wait until after check-in, when the victim connects to the hotel Wi-Fi network and submits his room number and surname at the log-in.
They see him in the compromised network and trick him into downloading the spy virus through what looks to be an update for legitimate software such as Google Toolbar, Adobe Flash or Windows Messenger, or a hotel "welcome package".
Once on a system, the attackers can collect data about anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer, as well as Gmail Notifier, Twitter, Facebook, Yahoo! and Google log-in credentials and other private information.
Victims can lose all their sensitive information. After the operation, the attackers carefully delete traces of their work and melt into the background to await the next high-profile individual.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, said: "For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cyber-criminal behaviour.
"This actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision."
To prevent this attack, Kaspersky Lab said the public should choose a Virtual Private Network (VPN) provider and, when travelling, should always regard software updates as suspicious and confirm that the appropriate vendor signed the proposed update installer.
Users should also make sure their internet security solution includes proactive defence against new threats rather than just basic anti-virus protection. — VNS