
Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A phishing campaign targeting organizations in the hospitality industry has been identified. It impersonates Booking.com and uses the ClickFix social engineering technique to deliver multiple credential-stealing malware families. The campaign, tracked as Storm-1865, targets individuals likely to work with Booking.com in North America, Oceania, Asia, and Europe. The attack uses fake emails and webpages to trick users into executing malicious commands, which leads to the download of various malware families including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT. The campaign aims to steal financial data and credentials for fraudulent use, and it shows an evolution in the threat actor's tactics to bypass conventional security measures.

OPENCTI LABELS:

phishing, social engineering, xworm, venomrat, netsupport rat, asyncrat, lumma stealer, danabot, clickfix, credential-stealing


Open in the NetmanageIT OpenCTI public instance using the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware