Hotel Hackers divert visitors to a Fake Booking.com site

Security researchers uncovered a multi-phase information theft operation in which hackers compromise the networks of lodging establishments, online travel agencies, and booking portals, then use their gained access to target consumer financial information.

The combination of this indirect method and a spoof Booking.com payment page offers thieves a far higher success rate when it comes to credit card data collection.

A link for the purported card verification is sent to the victim in order to maintain the reservation. The link causes an executable that is encoded in a sophisticated JavaScript base64 script to run on the victim’s computer.

The researcher emphasizes that the script is meant to make analysis much more challenging and that its goal is to identify information about the browsing environment.

Several security validation and anti-analysis tactics were also used by the attacker to ensure that only prospective victims made it to the next step of the fraud, which displays a phony Booking.com payment page.

Even if an unwanted link seems genuine, users should avoid clicking on it, be wary of urgent or threatening messages requesting rapid action, and seek for signs of deceit while visiting URLs.

(Score: 23) - 4.5/5
4.5/5