Recent research has uncovered an alarming phishing campaign targeting the hospitality sector, particularly through compromised Booking.com accounts. It is labeled ‘I Paid Twice’ because victims end up paying twice for their reservations. The operation, active since April 2025, combines complex multi-layered malware strategies with credential theft. Attackers begin by sending spear-phishing emails that impersonate Booking.com communications and steer victims to malicious URLs and various ClickFix social engineering tactics.
Once victims engage with these fraudulent communications, malware such as PureRAT infiltrates their systems, collecting information and evading detection through sophisticated means. The attack relies on a commercialized Traffic Distribution System to obscure the origin of malicious links and maintain an appearance of legitimacy. The ecosystem harvests hotel administrator credentials and uses them for financial exploitation through Russian-speaking cybercrime forums, which reinforces a self-sustaining fraud pipeline. The ramifications of this operation extend across the global hospitality sector and highlight an alarming trend in professional cybercrime.
👉 Read the original: Cyber Security News