ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks www.darkreading.com/cyberatta…
Researchers have uncovered a broad campaign in which threat actors target hotels with ClickFix attacks to steal customer data. The activity is part of ongoing attacks against the hospitality sector that include secondary attacks against the establishments' customers.
Threat analysts at Sekoia.io uncovered the activity when a partner alerted them to a phishing campaign that used either emails sent from a hotel’s compromised Booking.com account or messages in WhatsApp, according to a report published Friday. Attackers had customer data, including personal identifiers and reservation details, which made their phishing attempts appear more legitimate.
After further analysis, the researchers realized the activity was part of a much broader campaign that started around April and was still active up to at least October. The campaign, which involved a ClickFix attack spreading infostealing malware, targeted hotels and other lodging establishments, they said. It enabled the theft of professional credentials granting access to booking platforms, such as Booking.com and Expedia.