The Federal Bureau of Investigation (FBI) has discovered a new malware threat masquerading as an official software update that attempts to install itself through hotel internet Wi-Fi connections.
The department's Internet Crime Complaints Centre (IC3) reported discovering the malware on Tuesday and warned it is particularly dangerous for business travellers as it could help steal corporate data.
"Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travellers abroad through pop-up windows while establishing an internet connection in their hotel rooms," read IC3's statement.
"The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection."
The centre gave no further details about the malware's capabilities or which hotel chains' networks it has discovered the malware running on.
At the time of publishing neither the FBI nor IC3 have responded to V3's request for clarification.
Trend Micro security researcher Rik Ferguson said the attack method being used by the criminals was not new, but could certainly be successful.
"It is not unusual to find that your computer may be running an out-of-date version of one application or another that is necessary to view a particular web page at a given time. For this reason it provides perfect cover for distribution of malware," he told V3.
"Combining this tried and tested technique with the hotel wireless login scenario increases the credibility of the attack and makes it more likely to be successful. Users are on an unfamiliar network, with often unfamiliar access and login methods and the unexpected is often mistaken for normal behaviour."
The discovery follows on from recent research by Imperva suggesting hackers are evolving new ways to target companies' corporate data.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away