Wednesday, February 12, 2025

Cybersecurity firm Secureworks investigates new scam targeting Booking.com customers

A new scam targeting Booking.com customers is being investigated by cybersecurity firm Secureworks. Booking.com is aware of the cyber-fraud tactics used by the hackers, who are now offering to pay thousands of dollars to other criminals who share access to hotel portals.

This year, the world saw cybercrime cases rise. Cybersecurity researchers recently warned of a Booking.com scam. Hackers are running Dark Web ads to find victims. This time, hackers are impersonating platform-listed accommodation workers.

How do hackers operate now?

Secureworks is investigating the scam, which uses the Vidar infostealer to steal Booking.com credentials.

Secureworks, a cybersecurity firm, says the threat actor can see upcoming bookings and communicate with guests using the Booking.com management interface.

Hackers have found multiple ways to access hotel administration sites that use Booking.com, but not the main Booking.com portal.


Now hackers are paying for logs.

Hackers offer $30–$2,000 for each valid log, with incentives for regular suppliers.

According to reports, hackers stand to make so much money from their attacks that they are offering thousands of dollars to crooks who share access to hotel portals.

According to the media, Booking.com’s representative said hackers are targeting some of its hotel providers “using a host of known cyber-fraud tactics”.

Secureworks incident responders also found that the threat actor emailed a hotel operations employee.

The security team stated, “The sender claimed to be a former guest who had lost an ID and requested the recipient’s assistance in finding it. The email included no attachments or dangerous links and was likely meant to win trust.”


Hackers send attachment-laden emails.

The employee responded to the email and sought more information to help the sender, because nothing about the message appeared suspicious.

Later, the hackers sent another email regarding the lost ID, identifying it as a passport and saying they suspected they left it at the hotel.

When the recipient clicks the link in the email, a ZIP archive file is downloaded to their desktop.

Researchers added: “Microsoft Defender identified a file in this archive as the Vidar infostealer. Microsoft Defender discovered many failed malware execution attempts before it executed.”

Secureworks researchers found that this file contains the Vidar infostealer, and that this sample steals only passwords.

The researchers stated, “This activity initially suggested Booking.com’s systems were compromised. Secureworks incident responders believe threat actors took admin.booking.com property management portal credentials directly from properties and targeted customers.”

Conclusion

Security firm Secureworks is investigating a new Booking.com scam. Hackers are running Dark Web ads to find victims. They impersonate workers at accommodation listed on the platform. Hackers are using the Vidar infostealer to steal a hotel’s Booking.com credentials so they can see upcoming bookings and message guests. Hackers have accessed various hotel administration portals that use Booking.com, but not the main portal. They pay USD 30–2,000 for each valid log, with incentives for regular suppliers. Booking.com says hackers are targeting some of its hotel partners using cyber-fraud tactics.

Secureworks incident responders said the threat actor emailed a hotel operations staff member, posing as a former guest who had lost their ID. This email likely sought to win the recipient’s trust. When the recipient clicks the link in a later email, a ZIP archive is downloaded to the desktop. Microsoft Defender identified a file in the archive as the Vidar infostealer, in a sample that steals only passwords.

Nitin Gohil
A Mumbai-based tech professional with a passion for writing about his field: through his columns and blogs, he loves exploring and sharing insights on the latest trends, innovations, and challenges in technology, designing and integrating marketing communication strategies, client management, and analytics. His favourite quote is, "Let's dive into the fascinating world of tech together."