Summary: Cybercriminals are deceiving hotel and hostel workers into downloading credential-stealing malware by impersonating Booking.com, as part of a phishing campaign that began in December 2024. The campaign exploits human problem-solving behaviors through a technique called “ClickFix,” prompting users to execute malicious commands. Microsoft attributes this activity to the Storm-1865 group, which has a history of similar phishing attacks targeting the hospitality and e-commerce sectors.
Affected: Booking.com, hospitality workers in North America, Southeast Asia, and Europe
Keypoints:
- Cybercriminals impersonate Booking.com to trick hotel and hostel workers into downloading malware.
- The “ClickFix” method involves fake error messages prompting users to run malicious commands.
- Several malware strains, including XWorm and VenomRAT, are used to steal financial information and credentials.
Source: https://therecord.media/booking-phishing-hotels-malware-campaign