DarkHotel, a hacking group that has been active for more than a decade, continues to target business travelers using Wi-Fi at luxury hotels around the world.
Cybersecurity experts believe the hackers exploit vulnerabilities in the software of hotels' servers to infect Wi-Fi users' devices with the new malware called Inexsmar. After a user's computer or mobile device is infected with the malware, DarkHotel individually designs a phishing email crafted for that specific user. The criminals use social engineering tricks to make the email look "convincing and interesting to the target." Cybersecurity experts believe the campaign may target political and governmental figures.
Once the self-extracting archive package contained in the email is executed, it opens a decoy Word document and begins downloading the trojan. To avoid detection, the malware downloads in stages and hides malicious code in genuine code. Because the malware is so complex, some cybersecurity experts believe DarkHotel could be state-sponsored. "Hackers are Attacking WiFi of Hotel with a Particular Evil Malware," www.spamfighter.com (Jul. 27, 2017).