• Warning: Booking.com users targeted with Dark Web ads, Vidar infostealer steals hotel credentials.
• Scammers pose as guests, pay for stolen Booking.com logins.
• Caution: Social engineering used, watch out for Vidar infostealer downloads.

Impersonating Staff Members – A New Threat Emerges

Cybersecurity experts have issued a warning about a sophisticated scam targeting Booking.com customers, where cybercriminals post advertisements on the Dark Web seeking assistance in victimizing users. The scam, investigated by Secureworks, involves hackers deploying the Vidar infostealer to pilfer credentials from hotel Booking.com accounts, allowing them unauthorized access to Booking.com management portals.

Intricate Tactics Unveiled

Although Booking.com itself hasn’t been breached, the hackers have ingeniously found their way into the administration portals of individual hotels using the service. By gaining access, threat actors can view upcoming bookings and even send direct messages to guests. Secureworks reports that these hackers are offering financial incentives ranging from $30 to $2,000 for valid login credentials, with extra rewards for regular suppliers.

Elaborate Social Engineering at Play

The cybercriminals initiate contact by posing as former guests who claim to have lost identification documents, such as passports, during their stay. The initial emails, devoid of attachments or malicious links, are designed to build trust with the hotel staff. As the unsuspecting staff responds, the threat actors then send follow-up emails with a seemingly harmless link, which, when clicked, downloads a ZIP archive containing the Vidar infostealer onto the hotel’s computer.

Focus on Password Theft, Not System Compromise

Initially appearing as a potential compromise of Booking.com’s systems, further investigation by Secureworks revealed that the attackers likely stole credentials directly from the admin.booking.com property management portal of individual hotels. The stolen access was then exploited to target both the hotels and their customers.

Booking.com Responds to the Threat

Booking.com has acknowledged the ongoing threat, stating that some of its accommodation partners are falling victim to hackers using a variety of cyber-fraud tactics. The company emphasizes its commitment to addressing the issue and ensuring the security of its users and partners.

Vigilance Urged as Cybercriminals Adapt

As cybercriminals continue to evolve their tactics, cybersecurity experts emphasize the importance of vigilance among both hotel staff and Booking.com users. Increased awareness, employee training, and robust cybersecurity measures are essential in combating these increasingly sophisticated threats that exploit the interconnected nature of online platforms and their affiliated services.

Also Read

Ego, Fear, and Money: Unveiling the Spark Behind the A.I. Fuse

Elon Musk and Larry Page had a disagreement about the potential dangers...