Hotels are having their staff targeted by a new attack campaign aimed at exfiltrating hotel management credentials through emails that include Windows malware, The Register reports.
Attackers have been sending either complaint emails or future booking assistance requests, which when responded to by hotel staff would prompt another message that includes a link that then redirects to a password-protected archive hosted on cloud storage services, according to a report from Sophos. Such an executable was discovered to be a Redline Stealer or Vidar Stealer malware variant used to steal credentials. Similar tactics have been leveraged in ongoing attacks against Booking.com customers, which involved the theft of admin management portal credentials. "While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds," Booking.com then said.
