HomeRisk ManagementsBooking.com phishing scam uses fake CAPTCHA to install AsyncRAT - Source: hackread.com

Booking.com phishing scam uses fake CAPTCHA to install AsyncRAT – Source: hackread.com

Published on

spot_img

In a recent cybersecurity development reported by hackread.com, a new phishing campaign has been uncovered that specifically targets hotel staff through fake Booking.com emails. The goal of this scam is to manipulate victims into executing harmful commands on their own systems, ultimately infecting and compromising hotel networks with AsyncRAT malware.

The scam starts with a seemingly legitimate email that appears to be from Booking.com. The email alerts the recipient that a guest has left behind important personal items and urges the hotel manager to click on a button labeled “View guest information.” This tactic is a classic example of social engineering, designed to prompt individuals to click without fully considering the potential risks.

Upon clicking the link in the email, users are directed to a fake Booking.com website hosted at a suspicious domain: booking.partlet-id739847.com. The site initially presents a CAPTCHA prompt, asking users to confirm that they are not robots. However, after completing the CAPTCHA, users are given instructions to press specific keys (WIN + R, CTRL + V, Enter) that trigger the execution of a hidden command on their systems.

The malware delivered through this phishing campaign is AsyncRAT, a remote access trojan that has been active since the second half of 2019. AsyncRAT is known for its keystroke logging, remote desktop viewing, file access, data theft, and ability to install additional payloads. Cybercriminals favor AsyncRAT for its open-source nature and customizable features, making it a popular choice for malicious actors in various cyberattacks.

This phishing campaign stands out due to its sophisticated approach to tricking users into manually executing malware, bypassing traditional security measures and evading detection. If successful, attackers could gain complete remote access to hotel systems, jeopardizing sensitive customer data, reservation details, and payment records.

To protect against such phishing scams, hotels and their staff are advised to exercise caution and follow certain precautions. It is recommended not to click on links in unsolicited emails, avoid running commands based on instructions from unknown sources, verify the legitimacy of website domains, and report any suspicious messages to Booking.com through official channels.

This incident serves as a reminder of the evolving threat landscape of phishing attacks, where cybercriminals exploit realistic branding and novel malware execution tactics to infiltrate secure systems. Hotel managers and staff must remain vigilant and approach any unexpected emails involving guest data with a healthy dose of skepticism to safeguard against potential cyber threats.

Source link

Latest articles

Opera Introduces Paste Protect to Combat ClickFix

Opera Launches "Paste Protect" Feature to Combat ClickFix Attacks In a strategic move to bolster...

AI-Generated Browser Ransomware Exploits Chromium API on Windows, Linux, macOS, and Android

In a significant development within the realm of cybersecurity, researchers from Check Point have...

950 Oracle E-Business Suite Instances Exposed to CVE-2026-46817 Attacks Detected in the Wild

Urgent Security Alert: Nearly 950 Oracle E-Business Suite Instances Exposed Amid Active Exploitation Attempts In...

OpenAI Allows Cyber Vendors to Integrate GPT-5.5 into Their Defense Systems

Daybreak Cyber Partner Program Expands Application of GPT-5.5 for Cybersecurity Solutions June 22, 2026 |...

More like this

Opera Introduces Paste Protect to Combat ClickFix

Opera Launches "Paste Protect" Feature to Combat ClickFix Attacks In a strategic move to bolster...

AI-Generated Browser Ransomware Exploits Chromium API on Windows, Linux, macOS, and Android

In a significant development within the realm of cybersecurity, researchers from Check Point have...

950 Oracle E-Business Suite Instances Exposed to CVE-2026-46817 Attacks Detected in the Wild

Urgent Security Alert: Nearly 950 Oracle E-Business Suite Instances Exposed Amid Active Exploitation Attempts In...