Criminals are infecting hotel business center computers with keylogger malware, according to a non-public advisory issued by the U.S. Secret Service on Thursday, and obtained and posted about on Monday by technology journalist Brian Krebs.
In a string of recent data breaches investigated by the Secret Service, attackers used a low-cost strategy to effectively obtain sensitive guest information, including credentials, according to Krebs, who quoted the advisory.
In some instances, the hackers registered as hotel guests using stolen payment cards in order to physically accessed the public computers. The crooks then downloaded the keylogger malware from personal Gmail accounts.
The attacks are not considered sophisticated and did not require much technical skill, according to the advisory, which adds that vulnerabilities were not exploited in browsers, operating systems or other software.
