Cybercriminal group TA558, associated with RevengeHotels, has launched sophisticated phishing campaigns targeting the hospitality industry in Latin America using AI-generated scripts and malware. These attacks aim to steal credit card data by delivering Remote Access Trojans like Venom RAT, with evolving tactics to bypass security measures. #RevengeHotels #VenomRAT
Keypoints
- TA558 is responsible for recent attacks delivering various RATs to hotel and tourism organizations.
- The campaigns use AI-generated phishing emails with invoice and reservation themes in Portuguese and Spanish.
- The Venom RAT includes anti-kill features, persistence mechanisms, and the ability to spread via USB drives.
- RevengeHotels has refined its tactics over time, utilizing LLMs to enhance phishing lure generation and malware deployment.
- The main goal of these campaigns is to steal credit card data from hotel guests and online travel agency customers.
Read More: https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html