The FireEye security team found several documents with malware in several emails sent to "some companies working in the hotel industry, including hotels in at least 7 European countries and 1 Middle Eastern country in early July.
This document contains a macro that will pair GAMEFISH malware, which is usually associated with a politically motivated Russian hacker group named APT28 or FancyBear. The group is thought to be the mastermind behind the attack on the Democratic National Committee before the US presidential election last year.
Once the GAMEFISH malware is installed, reportedly, this hacking group will use EternalBlue, which is obtained from the US National Security Agency (NSA).
According to FireEye, EternalBlue exploits allow hackers to access all the computers connected to the hotel WiFi and secretly collect usernames and passwords even if the victim never typed in their credentials.
This is a new technique, says Ben Read of FireEye on Wired. "It's a much more passive way to collect people's data.You just sit down and you can tap information from WiFi traffic."
This security group warns travelers against this threat when visiting hotels in other countries, although unsafe WiFi is usually not just in the hotel. "Publicly accessible WiFi networks have a high enough risk and should be avoided," wrote Ben Read and Lindsay Smith.