Initially made public by Kaspersky Labs[1], the DarkHotel APT (Advanced Persistent Threat) targets executive-level business travellers in numerous industries. DarkHotel propagates when target users connect to hotel Wi-Fi networks, masquerading as legitimate software such as updates to Adobe Flash, Google’s Toolbar or Windows Messenger. Once DarkHotel has successfully infected a target system, the attackers use it to install additional tools such as keyloggers and other malware, further increasing the attack vectors available to them. The attackers can then collect system data (including installed anti-malware tools), collect keystrokes, find login credentials to well-known platforms (Facebook, Gmail, Twitter, etc.) and scan the system for cached passwords.

The attacks appeared to be targeted at executives from Asia and the U.S. involved in business and investment in the Asia-Pacific region, with most infections appearing in China, Japan, Russia, South Korea and Taiwan.

  1. https://www.kaspersky.com/resource-center/infographics/dark-hotel