Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Summary: Microsoft has reported an ongoing phishing campaign titled Storm-1865, targeting the hospitality sector by posing as Booking.com to distribute credential-stealing malware through a social engineering technique known as ClickFix. This operation aims to facilitate financial fraud and theft, affecting individuals primarily in North America, Asia, and Europe. As the technique grows in popularity, it demonstrates a tactical evolution in phishing attacks, complicating defenses against traditional malware distribution methods.

Affected: Microsoft, Hospitality Sector, Booking.com Users

Keypoints :

• Storm-1865 has been active since December 2024, employing ClickFix to execute malware under the guise of fixing a non-existent issue.
• The phishing emails trick victims into executing a command that downloads various types of malware, including XWorm and VenomRAT.
• ClickFix is also being utilized by other threat groups, showing its effectiveness in social engineering and malware deployment.