Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer

The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com customers to a recently identified scam wherein hotels' Booking.com accounts are compromised to deceive users into divulging their payment details.
Researchers have observed that cybercriminals successfully obtained access to hotel login credentials through the utilization of the Vidar information stealer.
While this tool is not commonly employed in such scams, in this instance, the Vidar infostealer is utilized to infiltrate the hotel's Booking.com portal.
This unauthorized access enables cybercriminals to peruse upcoming bookings and communicate directly with guests while posing as hotel staff.
Researchers from Secureworks Counter Threat Unit™ suspect that this may be part of a broader campaign specifically aimed at targeting Booking.com users.
Characterizing it as a sophisticatedly crafted scam, researchers highlight that the hackers devised an email aimed at gaining the trust of hotel employees.
The deceptive message purportedly originated from a former guest who reported losing their ID or other valuables, seeking assistance from the hotel staff to locate the items.
A link within the email, allegedly containing a photo of the lost item, actually served to install the Vidar infostealer.
Once activated, this malware illicitly acquires the hotel's Booking.com login credentials, facilitating unauthorized access to guest reservation details.
The hook in this scam creates a sense of urgency for the guests.
The attacker contacts those having reservations at the hotel through Booking.com.
Guests receive urgent emails from the hotel demanding immediate payment confirmation to avoid booking cancellation.
According to Secureworks' report, this leads them to a fake website designed to look like Booking.com, which was created to steal their payment data.
The scammers scam the guests by draining their accounts using the stolen payment data.
They sell Booking.com credentials on the Dark Web for up to $2,000.
Although Booking.com hasn't been directly breached, the company is cooperating with impacted hotels to improve security and help affected customers.
The company emphasized using machine learning to detect suspicious activity and advised hotels and customers to stay vigilant and never provide payment details without verifying the website.
Hotels should be especially cautious of suspicious emails and enable multi-factor authentication on Booking.com and other platforms to add an extra layer of security.
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, shared his comments with Hackread.com, stating that this scam is designed to target hotels with good reputations.
RELATED ARTICLES The Benefits Of Blockchain In The Travel Industry Newly Surfaced ThirdEye Infostealer Targeting Windows Devices Fake ChatGPT and AI pages on Facebook are spreading infostealers Hotel reservation platform leaks user data from top online booking sites Hackers steal sensitive data from Japanese search engine for sex hotels.


This Cyber News was published on www.hackread.com. Publication date: Mon, 04 Dec 2023 17:43:05 +0000


Cyber News related to Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer

Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
11 months ago Hackread.com
Booking.com Customers Scammed in Novel Social Engineering Campaign - Booking.com customers are being targeted by a novel social engineering campaign, which is "Paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running ...
11 months ago Infosecurity-magazine.com
Booking.com customers targeted in hotel booking scam - Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. Secureworks outlined an attack that occurred in October 2023, when a scammer ...
11 months ago Helpnetsecurity.com
Vidar Infostealer - Vidar is an infostealer malware that was first discovered in the wild in late 2018. It operates as malware-as-a-service and runs on Windows. Vidar can collect a wide range of sensitive data from browsers and digital wallets. Additionally, it is used ...
11 months ago
Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam - Sophisticated Scam Targeting Token Holders: Over 100 popular projects' token holders targeted with fake NFT airdrops appearing from reputable sources. Multi-Stage Deception Uncovered: The ongoing Scam involves enticing victims to fraudulent websites ...
9 months ago Blog.checkpoint.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
11 months ago Bbc.com
New Phishing Scam Hooks META Businesses with Trademark Threats - The phishing scam falsely asserts that the victim's Facebook page will be permanently deleted due to a post allegedly infringing on trademark rights. There is no actual infringement; it's all part of the scammer's malicious plan. In a recent wave of ...
9 months ago Hackread.com
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to ...
1 year ago Securityweek.com
Massive utility scam campaign spreads via online ads - When customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they ...
8 months ago Malwarebytes.com
Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
8 months ago Securityweek.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
11 months ago Bleepingcomputer.com
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
10 months ago Nytimes.com
Cybercrims target hotel staff for management credentials The Register - Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. Researchers at Sophos said the latest malware campaign targeting hotels involves sending emails that play on the emotions of staff, while ...
10 months ago Go.theregister.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
9 months ago Darkreading.com
Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released - Advanced ransomware campaigns expose need for AI-powered cyber defenseIn this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI ...
10 months ago Helpnetsecurity.com
Is that survey real or fake? How to spot a survey scam - Online surveys and quizzes are all over the internet. They're quick and cheap to set up, easy for recipients to fill out, and simple for researchers to interpret. It's no wonder that they remain a popular tool for marketers to reach and research ...
1 year ago Welivesecurity.com
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
10 months ago Hackread.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
11 months ago Hackread.com
- In the contemporary landscape dominated by digital interconnectedness, the escalating menace of cybercrime has assumed unprecedented proportions. The latest threat on the horizon is the insidious 'SIM Swap' scam, an advanced scheme exploiting ...
10 months ago Cysecurity.news
Fake Recruiters Defraud Facebook Users via Remote Work Offers - A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials. The attackers dangle offers of ...
9 months ago Darkreading.com
Indian police arrest five accused of trafficking people into scam compounds - On May 27, the National Investigation Agency said it had searched locations across six states and seized evidence like digital devices and bogus employment letters. Southeast Asia's cyber fraud industry, which is run primarily by Chinese organized ...
5 months ago Therecord.media
Over 800 Phony "Temu" Domains Lure Shoppers into Credential Theft - Stay alert against Temu phishing scams: Cybersecurity experts warn of scammers using fake giveaways to steal credentials. Over 800 new 'Temu' domains registered in the past 3 months. Temu is the latest brand chosen by scammers for their phishing ...
9 months ago Hackread.com
Sophisticated Vishing Campaigns Take World by Storm - Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, defrauding them in some cases of millions of dollars. South Korea is ...
7 months ago Darkreading.com
8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin - The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, ...
1 month ago Wordfence.com
Weak password and infostealer blamed for Orange Spain outage The Register - A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic. The network provider is Spain's second most popular and on Wednesday evening confirmed its RIPE ...
10 months ago Go.theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)