216.73.216.204

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

· Published 13/04/2025 10:37 · Modified 14/04/2025 11:28

Export JSON

Essential information

Published
13/04/2025 10:37
Modified
14/04/2025 11:28
Tags
2025-03-13 2025-04-13 asyncrat booking.com clickfix credential stealing danabot lumma stealer netsupport rat phishing social engineering venomrat xworm
Related entities
1 intrusion sets (apt), 7 techniques (mitre), 6 malware, 1 others

Description

A campaign targeting organizations in the hospitality industry has been identified, impersonating and using the technique to deliver multiple credential-stealing malware. The campaign, tracked as Storm-1865, targets individuals likely to work with in North America, Oceania, Asia, and Europe. The attack uses fake emails and webpages to trick users into executing malicious commands, leading to the download of various malware families including , , , , , and . The campaign aims to steal financial data and credentials for fraudulent use, showing an evolution in the threat actor's tactics to bypass conventional security measures.

External references