Hotel Wi-Fi under cyberattack from Darkhotel malware

Hackers target business travellers in Asia

Business executives travelling in Asia are being targeted by a complex spying malware that is lurking in the Wi-Fi networks and business centres of their luxury hotels, the security firm Kaspersky Lab says. 

The attacks have claimed thousands of victims dating back to 2009 and continue to do so, 

Kaspersky's report details the scale, methods and precise targeting of these attacks on business travellers.

The movements of executives appear to be tracked as they travel, allowing attackers to pounce once a victim logs on to a hotel Wi-Fi network. Hackers cover their tracks by deleting these tools from hotel networks afterward.

"These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it," said Kurt Baumgartner, principal security researcher for Kaspersky.

He said creating the malware would have required a well-financed, multiple-team effort by skilled hackers.

Unsuspecting executives who submit their room number and surname while logging on to their hotel room's wireless network are tricked into downloading an update for legitimate software such as Adobe Flash, Google Toolbar or Microsoft Messenger, Kaspersky said. 

Kaspersky says the attackers have been active for at least seven years, conducting strikes against targeted guests at luxury hotels in Asia.

“Every day this is getting bigger and bigger,” says Costin Raiu, manager of Kaspersky’s global research and analysis team. “They’re doing more and more hotels.”

The majority of the hotels that are hit are in Asia but some are in the U.S. as well. 

Kaspersky will not name the hotels but says they’ve been uncooperative in assisting with the investigation. 

Ninety per cent of the victims came from five locations: Japan, Taiwan, China, Russia and South Korea.

According to the Wired website, the cyber attacks show signs "of possibly emanating from an important U.S. ally: South Korea."

"Researchers point out that one variant of malware the attackers used was designed to shut down if it found itself on a machine whose code page was set to Korean. The key logger the attackers used also has Korean characters inside and appears to have ties to a coder in South Korea," Wired reported.

Kaspersky calls the software package used by the hackers Darkhotel. When transmitted through hotel Wi-Fi, the malware was deployed in such a precise way that the report concludes the attackers had to have access to check-in information such as the victim’s name, room number and expected arrival and departure times.

“The fact that most of the time the victims are top executives indicates the attackers have knowledge of their victims’ whereabouts, including name and place of stay.

“This paints a dark, dangerous web in which unsuspecting travellers can easily fall,” the report said.

Business travellers to Asia from Germany, Hong Kong, Ireland and the United States have also been duped, Baumgartner added.

The Kaspersky report said a key mystery remains how attackers appear to know the precise travel itinerary of each victim, which points to a larger compromise of hotel business networks that researchers say they are continuing to probe.
