Everybody nowadays counts with a hotel that can provide good WiFi service to keep their mail updated, to run their business, to contact their family members, to purchase tickets and numerous other crucial tasks when traveling. However, the criminals also had the same necessities and discovered that they could make money by monitoring the activities performed by hotel customers while traveling. This is why the DarkHotel malware was developed. DarkHotel is a campaign to deliver malware and spear-phishing spyware to targeted business hotel customers via the WiFi network provided to the customers. Although the majority of the attacks had occurred in Japan, there were reports from victims in the US, Germany, Ireland, HongKong, China, Taiwan, South Korea, Russia, India and Indonesia.
The DarkHotel attack is made possible when the victims accept to install an update to a well-used software suite like the Windows Messenger or Adobe Flash, as soon as they access the Internet, which has the DarkHotel code bundled to its installation wizard. The DarkHotel code, by installing other threats on the infected computer can spread itself to other devices, monitor, collect and transmit data on the computer users' activities on their keyboard, gain persistence to contact the infected machine in the future, collect data from the computer users' hard drives, detect the security software installed and running on the machine, and erase any traces of its presence when the attack is successful.
The DarkHotel attack is a clear signal that anyone that will deal with confidential data should avoid using public WiFis since it is now insecure even in the privacy of your hotel room.