IC3 Warns Travelers of Malware Threat via Hotel Internet Connections

International Travelers Warned of Threats via Hotel Connections – “The Malware Hotel—You can check in, but you can’t check out!”

Frequent travelers are likely all too familiar with the login screens presented in order to register for Internet service when staying at a hotel. When connecting to a hotel Internet connection, it’s common for Web browsers to auto-launch to a specific page that lets a hotel guest self-register for service, even when it’s offered free of charge.

According to an intelligence notice issued by the Internet Crime Complaint Center (IC3) on Tuesday, recent analysis from the FBI and other government agencies has shown that some international hotels have been serving up malicious pop-ups to visiting guests as they attempt to get connected to the Internet, resulting in end users being infected with malware.

“Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections,” the alert stated. “In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop.”

The alert did not specify in which countries the threat was seen, or name any specific hotel or hotel chain.

“This warning is targeted to academics and government officials traveling abroad because state-sponsored actors use the malware installed via these networks to steal intellectual property and/or government secrets,” Rob Rachwald, Director of Security Strategy at Imperva, told SecurityWeek.

“There are two obvious scenarios here: either the hotel Internet system was compromised or they had an insider at the hotel who would selectively change the popup,” opined Alex Lanstein, a network/systems architect at FireEye. “I bet they compromised the login system to add the popup.”

Along with the alert, the FBI provided some advice in order to help minimize risk when connecting to the Internet via hotel networks, though the advice can apply when connecting through any public network, such as a coffee shop or airport.

• All government, private industry, and academic personnel who travel abroad should take extra caution before updating software products on their hotel Internet connection.

• Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack.

• Travelers should perform software updates on laptops immediately before traveling.

• If possible, download software updates directly from the software vendor’s Web site if updates are necessary while abroad.
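
One way to carry out the "check the author or digital certificate" advice on a Windows laptop, as an added example that is not part of the IC3 alert or the original article. The function name, the file path and the publisher string are assumptions; the expected publisher is the exact name seen on installers obtained directly from the vendor.

```powershell
# Added example: inspect the Authenticode signature of a prompted update
# before running it. Test-UpdateSigner is a hypothetical helper name.
function Test-UpdateSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: the publisher name shown on genuine installers from the vendor.
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate   # $null when the file is not signed

    $signer = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
    $issuer = if ($cert) { $cert.GetNameInfo($nameType, $true) }  else { $null }

    # Two separate checks, both required:
    #  1. Status 'Valid': the file is unmodified since signing and the
    #     certificate chains to a root this machine trusts.
    #  2. The signer is exactly the expected vendor. A case-sensitive exact match
    #     rejects look-alike names that merely contain the vendor's name.
    $signatureOk = $sig.Status -eq 'Valid'
    $publisherOk = ($null -ne $signer) -and ($signer -ceq $ExpectedPublisher)

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = $signer
        Issuer     = $issuer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Trusted    = $signatureOk -and $publisherOk
    }
}

# Usage (placeholder file name and publisher, not values from the alert):
#   $r = Test-UpdateSigner -Path '.\prompted_update.exe' `
#                          -ExpectedPublisher 'Example Software Vendor, Inc.'
#   $r | Format-List
#   if (-not $r.Trusted) { Write-Warning 'Signer check failed; do not install.' }
```

A result of `NotSigned`, any status other than `Valid`, or a signer that differs from the vendor's usual publisher name is a reason to decline the prompt and fetch the update from the vendor's site instead.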

“Some companies now have policies where employees who travel abroad travel with a disposable laptop (or they go off the grid) to ensure that no IP or secrets available on their machines are stolen,” Rachwald added.

In his words, Rachwald humorously described this scenario as “The Malware Hotel—You can check in, but you can’t check out!”

While this particular alert is focused on hotels located abroad, it’s important to keep in mind that the same scenario could easily occur in the United States or in any country.

The IC3 asks that anyone who believes they have been a target of this type of attack should immediately contact their local FBI office, and promptly report it to the IC3’s website. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
