Hospitality, hotel, and travel organizations across Latin America have been experiencing a wave of malware attacks from the TA588 cybercrime group, reports The Hacker News.
While TA588 has typically operated as a "small crime threat actor" looking to spread the Revenge RAT, Loda RAT, and vjW0rm malware since its emergence in 2018, it has moved to deploy more intensive phishing campaigns aimed at Latin America, North America, and Western Europe this year, according to a report from Proofpoint.
Recent attacks by TA588 have shown the group increasingly leveraging ISO files and URLs for initial compromise instead of VBA macro-laced Word documents it typically used in attacks between 2018 and 2021 after Microsoft decided to disable macros by default, the report showed.
"The malware used by TA558 can steal data including hotel customer user and credit card data, allow lateral movement, and deliver follow-on payloads. Activity conducted by this actor could lead to data theft of both corporate and customer data, as well as potential financial losses," said researchers.
