The malware is downloaded when users try to update software while using their hotel’s internet connection, according to an intelligence note by the US Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.
Once connected to the internet, users receive a pop-up window that notifies them that a widely used software product needs to be updated. If they click to download the update, malware is installed instead.
The FBI is recommending that government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection. Users should check the author or digital certificate of any update prompt to see if it corresponds to the software vendor.
The FBI is also recommending that users update their software before they travel and that they download software updates directly from the software vendor’s website if updates are necessary while traveling abroad.
Anyone who believes they have been a target of this type of attack should contact their local FBI office and report it to the IC3's website. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.