Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A phishing campaign targeting the hospitality industry impersonates Booking.com to deliver multiple credential-stealing malware. The campaign, tracked as Storm-1865, uses a social engineering technique called ClickFix to trick users into downloading malicious payloads. Targets are sent emails with links to fake Booking.com pages, which prompt users to execute commands that download malware. The campaign delivers various malware families including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT. Organizations in North America, Oceania, Asia, and Europe are targeted. The threat actor's evolving tactics demonstrate attempts to bypass conventional security measures.
OPENCTI LABELS :
phishing,xworm,venomrat,netsupport rat,asyncrat,lumma stealer,danabot,clickfix,booking.com,credential-stealing
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware