A new malicious campaign has targeted users of Booking.com making extensive use of social engineering techniques.
This is what emerges from research by Secureworks which, according to the data collected, has been ongoing for at least a year. The operation, which seems to be very fruitful for cybercriminals, takes advantage of the implementation of the infostealer Furtheralso known for its intense use in our country.
Through this malware, cybercriminals gain access to the Booking.com credentials of the platform’s partner hotels. This information is then used to send emails phishing to customers of the service, pushing them to provide payment details with, as you can easily imagine, disastrous results.
Secureworks’ research began following a first case identified last October. In this specific case, through an email message, a hotel staff member was asked for help in finding an identity document that she thought she had lost. The email in question did not include attachments o malicious links of any kind.
Without any reason to be suspicious, the employee responded asking for further information to help the elusive customer. The cybercriminals, therefore, provided an alleged link to Google Driveto provide passport photos and guest check-in details.
Vidar targets Booking.com properties and customers: here’s how to avoid disasters
Once you clicked on the link, a downloaded ZIP archivepromptly reported by Microsoft Defender as malware, but still managed to sneak onto your computer.
According to experts, the infostealer in question was set up to exclusively steal password from the compromised device. Over the next few days, hotel customers received emails requesting payments and/or confidential information.
Researchers believe the threat actors stole the property management portal credentials admin.booking.comallowing them to send legitimate-looking messages via the official app and email address [email protected].
The campaign has proven to be quite effective and, in this regard, Secureworks provides a series of tips to avoid falling victim to similar actions. In this regard, the most decisive action must be taken by who manages the hotels.
In this sense, it is essential to make employees aware of this malware campaign and implement, when possible, themulti-factor authentication on Booking.com accounts.
Customers, for their part, can also prevent situations like the one just outlined. It is therefore necessary to do pay attention to emails or app messages requesting payment detailseven if they appear to come from a legitimate sender.
If something seems suspicious or if they are asked username, password o credit card informationit is best to contact the structure directly through another route, such as for example telephone number.