This campaign targets hostels, hotels, hospitality, and tourism companies, primarily in Brazil. Victims have also been recorded in other parts of the world, including France, Italy, and Mexico, among others.
The campaign is said to be after the credit card details of travelers and guests from hotel management systems.
The tactics
This campaign relies heavily on email to deliver malware using weaponized PDF, Excel, or Word documents.
When the malicious email is opened, a remote OLE (Object Linking and Embedding) object is dropped via the template injection technique. The macro inside it executes the final payload.
The malware is capable of harvesting details from the clipboard and printer spooler. It can also steal screenshots.
What next?
“According to the relevant underground forums and messaging groups, these criminals also infect front desk machines in order to capture credentials from the hotel administration software; they can then steal credit card details from it too. Some criminals also sell remote access to these systems, acting as a concierge for other cybercriminals by giving them permanent access to steal new data by themselves,” say the security experts at Kaspersky.
With the holiday season going on, shoppers and travelers must stay cautious, especially with their payment card details.