RevengeHotels is a cybercrime malware campaign which a group of hackers against hotels, hostels, hospitality and tourism companies. According to Kaspersky Lab, more than 20 hotels in Brazil, Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, and Turkey had already been targeted by cybercriminals. Guests’ credit card data was collected not only through the hotel systems but also through popular online travel resources such as Booking.com.
The main vector of the attack is e-mail. The danger lies in the attached Word, Excel or PDF documents. Phishing letters imitate official group booking requests from real people from real companies. At first glance, everything looks persuasive – the letters contain copies of official documents and a detailed explanation of the reason why this hotel was chosen. The only thing that reveals the malefactors are mistakes in spelling the company’s domain. The attackers used Trojans for remote administration and data collection. Experts found out that hackers sell all the access to hotel systems in the Darknet.
Several hacker groups are involved in this cyber-fraud campaign. The names of the two groups, RevengeHotels and ProCC, are known. The group has been active since 2015 but increased its attacks in 2019.