The Federal Bureau of Investigation (FBI) has discovered a new malware threat masquerading as an official software update that attempts to install itself through hotel internet Wi-Fi connections.
The department's Internet Crime Complaints Centre (IC3) reported discovering the malware on Tuesday and warned it is particularly dangerous for business travellers as it could help steal corporate data.
"Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travellers abroad through pop-up windows while establishing an internet connection in their hotel rooms," read IC3's statement.
"The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection."
The centre gave no further details about the malware's capabilities or which hotel chains' networks it has discovered the malware running on.
At the time of publishing neither the FBI nor IC3 have responded to V3's request for clarification.
Trend Micro security researcher Rik Ferguson said the attack method being used by the criminals was not new, but could certainly be successful.
"It is not unusual to find that your computer may be running an out-of-date version of one application or another that is necessary to view a particular web page at a given time. For this reason it provides perfect cover for distribution of malware," he told V3.
"Combining this tried and tested technique with the hotel wireless login scenario increases the credibility of the attack and makes it more likely to be successful. Users are on an unfamiliar network, with often unfamiliar access and login methods and the unexpected is often mistaken for normal behaviour."
The discovery follows on from recent research by Imperva suggesting hackers are evolving new ways to target companies' corporate data.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal