This year, we witnessed larger cybercrime cases which upscaled across the world. Recently, cybersecurity researchers have warned people about a new scam that was targeting Booking.com customers. The hackers are posting advertisements on the Dark Web and asking for help in finding victims. This time, the hackers are targeting accommodation that has been listed on the platform to imitate the staff members.
How are hackers operating now?
At present, the scam is being investigated by the cyber-security firm named Secureworks, which is involved in the deployment of the Vidar infostealer to steal a hotel's Booking.com credentials.
Access to the Booking.com management portal will enable the threat to see the upcoming bookings and will directly message the guests, as per Secureworks- the cybersecurity firm.
Although the portal of Booking.com has not been hacked, the hackers have come up with several ways to get into the administration portals of individual hotels which use the service.
Hackers are compensating this time
Hackers are offering USD 30 to USD 2,000 per valid log with additional incentives for regular suppliers.
As per the reports, hackers will be making so much money in their attacks that they are now offering to pay thousands of dollars to the criminals who share access to the hotel’s portal.
The spokesperson of Booking.com stated that they are aware that some of its accommodation partners are being targeted by the hackers by "using a host of known cyber-fraud tactics", the BBC report states.
Secureworks incident responders have noted further that the threat actor has initiated contact by emailing a member of the hotel's operations staff.
The security team noted, “The sender claimed to be a former guest who had lost an identification document (ID), and they requested the recipient's assistance in finding it. The email did not include an attachment or malicious links, and it was likely intended to gain the recipient's trust.”
Hackers are sending emails with attachments
As there is no specific reason to be suspicious, the employee has responded to the email and has requested additional information to assist the sender.
Later, the hackers sent another email about the lost ID- identified the document as a passport and mentioned that they strongly believed that they left it at the hotel.
When the recipient clicks on the link which is available in the email, a ZIP archive file will be downloaded to the computer's desktop.
The researchers further informed: “Microsoft Defender identified a file within this archive as the Vidar infostealer. Microsoft Defender detected multiple failed execution attempts before the malware finally executed.”
Secureworks researchers analysed the contents of this file and have confirmed that it is the Vidar infostealer, whose sample is configured for stealing the password only.
The team said, “This activity originally appeared to suggest that Booking.com's systems were compromised. However, the observations by Secureworks incident responders indicate that threat actors likely stole credentials to the admin. booking. com property management portal directly from the properties and used the access to target the properties' customers.”
ALSO READ: Google rolling out the bulk select feature in Gmail for Android and iOS
Inputs from IANS
