BBC News reports that customers of major online travel agency Booking.com in the U.S., UK, and other parts of the world have been hit by fraud following a social engineering attack that involved the deployment of the Vidar information-stealing malware.
Threat actors masquerading as guests who forgot their passports have lured hotel staff into downloading the Vidar infostealer, a report from Secureworks revealed. A Google Drive link purporting to hold an image of the misplaced passport instead downloads the malware, which is used to determine Booking.com access and identify all clients with room reservations. Hotel clients are then tricked into sending payments to the attackers instead of their hotel.
"The scam is working and it's paying serious dividends. The demand for credentials is likely so popular because it's seeing a high success rate, with emails targeting genuine customers and appearing to come from a trusted source. It's social engineering at its best," said Secureworks Counter Threat Unit Director of Threat Intelligence Rafe Pilling.
Malicious updates have recently been issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.