
Hackers are targeting hotel Wi-Fi with particularly evil malware


tao


Just because your hotel offers complimentary Wi-Fi, it doesn’t mean you have to take it. Hackers may be lurking, looking to compromise your computer, especially if you’re a high priority target staying at luxury hotels around the globe.

 

The DarkHotel hacker group has been active for more than 10 years, ZDNet explains, and they’re back with a new malware threat.

 

The hackers apparently target cherry-picked guests, including political targets, but also CEOs and high-ranking corporate officials.

 

The attack is conducted in stages. The Wi-Fi network is compromised at first, either by exploiting vulnerabilities in server software, or by getting physical access to a hotel’s infrastructure.

 

Once that’s done, the hackers use a series of phishing and social engineering tricks to infect targeted computers.

 

The new malware is known as Inexsmar, and the attack begins just like plenty of other phishing schemes: an email. However, the email is individually designed to be interesting and convincing to the target. So this isn’t your regular bulk phishing attack.

 

“The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time,” senior e-threat analyst at Bitdefender Bogdan Botezatu told ZDNet.

 

The email comes with a self-extracting archive page that begins the Trojan download. The malware payload isn’t delivered all at once, as the malware downloads it in steps, to avoid detection by the victim. A Word file may be opened on the computer to distract the user from looking at what else is happening on the computer.

 

The multi-stage Trojan is an evolutionary step, researchers say, as it helps hackers avoid detection.

 

The DarkHotel group has been covering its tracks so well that researchers have no idea who they are or what their intentions might truly be. Given the complexity of the attacks, the researchers can’t ignore the possibility of this being a state-sponsored hack.

 

What are the hackers after? That’s a question the Bitdefender researchers can’t answer.

 


Any public Wi-Fi is dangerous; data is not encrypted. Simple rule: NEVER EVER use free wifi, period. That email, post, web site you need to check can wait.

 



If you need to use the internet, use your mobile network; it is secure compared to the free public wifi.



9 hours ago, virge said:

 

Any public Wi-Fi is dangerous; data is not encrypted. Simple rule: NEVER EVER use free wifi, period. That email, post, web site you need to check can wait.

 

 

5 hours ago, Holmes said:

If you need to use the internet, use your mobile network; it is secure compared to the free public wifi.

 

You guys sound a little paranoid. With all the talk about security on this forum and security software that everyone is running (or should be) on their computers, why would you be so concerned with public wifi? You can use security software such as Shadow Defender, Sandboxie, and Software Restriction Policies that you use at home on your laptop when traveling that will ensure your security. My favorite has always been Software Restriction Policies and Sandboxie if I am not operating in a VM. SRPs ensure nothing can run on my system that I don't allow and Sandboxie lets me run programs in an environment separate from my OS. If you use a VM you set it up with all the software you use and make a backup of the VM folder. I do this because every time I run it I delete the folder it was running from and copy the original VM folder back to it. So anything that did manage to get into the VM is no longer a concern. Also note that I don't create any connections to devices on the host machine, such as flash drives or external USB drives. If you create those holes in the VM then you defeated the purpose of using it. And if you are really paranoid try running Sandboxie in a VM that also has Software Restriction Policies.



6 hours ago, Holmes said:

If you need to use the internet, use your mobile network; it is secure compared to the free public wifi.

You generally use public wifi when a mobile network is NOT available, like when you are roaming in an airport or a foreign country.

This is precisely why it's not a solution not to use free wifi at all...

 

Straycat is perfectly right, you have to secure your device beforehand, use sandboxing, a VM or at least a VPN. On a mobile OS like Android and iOS it's a bit more tricky but still feasible, especially with root and Xposed or Magisk on Android (firewall, execution policy, device ID/MAC tricking techniques...)



I know that; I was just giving a general statement saying using the mobile network is secure compared to using a public wifi with no security unless someone mimics a cell phone tower.



11 hours ago, straycat19 said:

 

 

You guys sound a little paranoid. With all the talk about security on this forum and security software that everyone is running (or should be) on their computers, why would you be so concerned with public wifi? You can use security software such as Shadow Defender, Sandboxie, and Software Restriction Policies that you use at home on your laptop when traveling that will ensure your security. My favorite has always been Software Restriction Policies and Sandboxie if I am not operating in a VM. SRPs ensure nothing can run on my system that I don't allow and Sandboxie lets me run programs in an environment separate from my OS. If you use a VM you set it up with all the software you use and make a backup of the VM folder. I do this because every time I run it I delete the folder it was running from and copy the original VM folder back to it. So anything that did manage to get into the VM is no longer a concern. Also note that I don't create any connections to devices on the host machine, such as flash drives or external USB drives. If you create those holes in the VM then you defeated the purpose of using it. And if you are really paranoid try running Sandboxie in a VM that also has Software Restriction Policies.

Who sounds a little paranoid? Ahahah



Archived

This topic is now archived and is closed to further replies.
