Darkhotel, a potentially devastating piece of malware that specifically targets high-profile corporate players, has been discovered by Kaspersky Lab’s security experts.
Darkhotel attacks started at least four years ago, according to the antivirus producer, and are as devious as they are carefully planned and executed.
Top executives from various American and Asian corporations who travel to the Asia-Pacific region to conduct business have reportedly had their devices infected by Darkhotel. It maintains illegal control over Wi-Fi networks that luxury hotels and their customers believe to be private and secure. Such establishments are frequently used by people holding sensitive, precious data on their devices.
Once connected to vulnerable networks using banal log-in credentials like room numbers and surnames, the victims may as well slap bull’s eyes on their backs. But to obtain complete access to info stored on targeted machines, the unidentified hackers behind the Darkhotel plague need to trick the potential victim into installing a backdoor. That’s easy as pie, as Darkhotel dupes targets into running what appear to be legit software updates for Adobe Flash, Google Toolbar, or Windows Messenger.
The true deviousness of this threat lies in the fact that it works in the background, stealing everything from cached Firefox, Chrome, or IE passwords to random keystrokes, without alerting the infected user to its presence.
The malware is then removed remotely, and Darkhotel’s handlers begin to wait for a new target. Scary stuff, especially as Darkhotel’s handlers are believed to have “operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”
In other words, we’re dealing with a baddie whose powers of destruction are quite formidable, to say the least.
Don’t think you’re safe just because you’re not rich or in an executive position at a multinational corporation. Apparently, Darkhotel occasionally goes after lower-profile individuals, and its malicious activity is sometimes inconsistent.
Of course, there are ways to keep yourself protected. The simplest approach is to just stay away from public and semi-public Wi-Fi networks. If that’s not an option, and you need to be online at all times, be sure to use Virtual Private Network (VPN) services to mask your activities and data.
Most importantly, never, ever, ever open any apps or downloads if you’re not 100 percent sure that they’re supplied by reliable and trusted software makers.
Last but not least, you should install, run, and update strong Internet security apps as often as possible.
The video below from Kaspersky Lab briefly sums up the threat posed by Darkhotel.