Phishy Business: Booking.com Scam Hooks Hotels and Guests Alike!
Cybercriminals infiltrated Booking.com partner accounts, unleashing chaos with a sophisticated malware campaign. Using social engineering, they tricked hotel staff into executing commands that installed the PureRAT remote access Trojan. Victims were duped into paying twice for their hotel stays. The campaign highlights the increasing professionalization of cybercrime targeting the travel industry.
Hot Take:
Well, it seems like the cybercriminals have been busy checking into the “Hotel California” of phishing schemes. You can check out anytime you like, but you can never leave without paying twice! With hotels being a prime target, maybe it’s time to pack some extra cybersecurity measures along with your vacation sunscreen. Who knew booking a room could lead you to a room full of malware?
Key Points:
- Cybercriminals compromised hotel systems via a sophisticated phishing operation targeting Booking.com partner accounts.
- The malware campaign, active since April 2025, involves sending malicious emails that lead to malware infections.
- Victims are tricked into downloading PureRAT malware, which allows attackers to control infected devices and steal data.
- Stolen credentials are sold on cybercrime forums or used in fraudulent schemes, including fake Booking.com pages.
- The operation shows the professionalization of cybercrime targeting hospitality businesses, with active trades on Russian forums.