In a discreet advisory distributed by the US Secret Service, owners of various hotel businesses have been quietly cautioned of the on-going incidents of malware slingers that are progressively focusing on PCs in hotel business centers in order to gather sensitive information.
In a secret, non-public advisory, which was issued last Thursday and publicized by cyber security expert Brian Krebs on his website, law enforcement authorities have arrested affiliates of a criminal gang that is blamed for installation of data-swiping programs in PCs on various hotel hot work areas in the Dallas/Fort Worth region.
As per the advisory:
"The suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software”.
"The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors' email accounts. The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers."
Reportedly, the criminals behind the act did not find it important to carry their malware with them on a USB stick or CD. Rather they supposedly stored the malware in the cloud, and essentially downloaded it onto the targeted hotel PCs.
"It’s easy to imagine how such a boobytrapped computer might outwit a holiday maker, or could even be used in targeted attacks if a particular business conference was being held at the hotel”.
Security Blogger Graham Cluley
He further states that despite the fact that some computers may not permit anybody to log in with Administrator rights, there is still no guarantee that a Windows PC can’t be “infected by malware”.