A large-scale phishing campaign is targeting hotel systems across the world. Attackers are using a clever social engineering trick called “ClickFix” to fool hotel staff. This method convinces them to run harmful commands that secretly install malware. Security researchers have confirmed that this campaign is active and widespread.

The attackers begin by sending fake emails that look like official messages from booking platforms or customers. These emails often appear urgent, claiming payment or booking issues. They contain links leading to fake verification pages that look trustworthy. Once staff follow the steps, the attack begins silently.

On these fake pages, users are asked to copy and paste a command into the Run box or terminal. The command seems safe but actually downloads a hidden ZIP file containing malware. When executed, it installs PureRAT, a powerful remote access trojan that grants full system control to the attacker.

PureRAT allows criminals to monitor screens, record keystrokes, steal files, and spy through webcams. With this access, they collect login details for booking portals and hotel systems. The stolen credentials are either sold on dark web markets or used in more phishing scams. This makes the infection extremely dangerous for hotels and their customers.

Cybersecurity experts discovered that this operation is well-organized and financially motivated. Attackers trade stolen hotel credentials and hacking tools on underground forums. Some accounts sell for a few dollars, while others cost hundreds depending on their value. This shows that the campaign is both professional and profitable.

Hotels are particularly at risk because attackers can impersonate staff and contact real guests. Using stolen booking access, scammers send fake payment or cancellation requests. Since they use real booking information, the messages look completely genuine. Many guests have already fallen for these fraud attempts.

Experts advise hotels to enable multi-factor authentication and regularly check for suspicious logins. Staff should never paste commands from unknown links or emails. Guests should verify all payment requests by contacting the hotel directly. Simple caution and awareness can prevent major losses.

In summary, this campaign combines smart deception with dangerous malware to target the hospitality industry. The use of ClickFix tricks and PureRAT malware makes it powerful and hard to detect. Staying alert and following security best practices is essential. Both hotels and travelers must stay vigilant against these evolving threats.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news