Cybercriminals are redirecting links on gaming sites and social media to fake Booking.com pages that host malicious CAPTCHA-like prompts. These scams leverage clipboard hijacking and PowerShell commands to infect devices with Remote Access Trojans like Backdoor.AsyncRAT. #Booking.com #BackdoorAsyncRAT
Keypoints
- Cybercriminals are deploying link redirects to fake booking sites on social media and gaming platforms.
- The fake CAPTCHA prompts attempt to hijack user clipboards to execute malicious commands.
- Infected systems run PowerShell commands that download and install Remote Access Trojans like Backdoor.AsyncRAT.
- The malicious campaign shifts URLs every two to three days to evade detection.
- Users can reduce risk by disabling JavaScript, using anti-malware solutions, and avoiding trusting unsolicited instructions online.