- Security researchers have spotted a new malware campaign dubbed ‘RevengeHotels’ that is targeting the hospitality sector around the world.
- This campaign primarily relies on email to deliver the malware.
Hostels, hotels, hospitality, and tourism companies primarily in Brazil are targeted by this campaign. Victims from other parts of the world including France, Italy, and Mexico, among others have also been recorded.
The campaign is said to be after the credit card details of travelers and guests from hotel management systems.
This campaign relies heavily on email to deliver malware using weaponized PDF, Excel, or Word documents.
- In certain cases, the campaign was observed to be exploiting the remote code execution vulnerability tracked as CVE-2017-0199 in Microsoft Office or WordPad.
- The threat actors behind this campaign use legitimate company names to trick receivers into opening the emails. The emails are also carefully crafted with a lot of details.
When the malicious email is opened, a remote OLE(Object Linking and Embedding) object via template injection technique is dropped. The macro present inside executes the final payload.
The malware is capable of harvesting details from the clipboard and printer spooler. It can also steal screenshots.
“According to the relevant underground forums and messaging groups, these criminals also infect front desk machines in order to capture credentials from the hotel administration software; they can then steal credit card details from it too. Some criminals also sell remote access to these systems, acting as a concierge for other cybercriminals by giving them permanent access to steal new data by themselves,” say the security experts at Kaspersky.
With the holiday season going on, shoppers and travelers must stay cautious especially with their payment card details.