
Fake Booking.com CAPTCHAs Are Tricking Travelers Into Installing Malware

 

Cybercriminals are exploiting vacationers in a deceptive phishing campaign that mimics the well-known online travel agency, Booking.com. According to cybersecurity researchers at Malwarebytes Labs, this scam uses bogus CAPTCHA prompts to trick users into giving hackers remote access to their devices, compromising both personal and financial information.

The attack typically starts with links shared on social media platforms or gaming websites, sometimes even appearing as sponsored advertisements. These links redirect users to fraudulent sites impersonating Booking.com—a legitimate OTA (online travel agency) widely used for booking flights, hotels, car rentals, and travel packages.

Once a user clicks on the deceptive link, a counterfeit CAPTCHA prompt appears, asking them to check a box. This step secretly copies a command to the user's clipboard. The next prompt instructs users to run a specific keystroke combination on their device—a red flag, as this is not part of any authentic CAPTCHA process.

Behind the scenes, the copied text contains a PowerShell command. Executing it initiates the download of several files that install a Remote Access Tool (RAT) known as Backdoor.AsyncRAT. This software enables attackers to remotely monitor and take control of the victim's system.

How to identify and protect yourself from the Booking.com RAT scam:

Always verify URLs: Malwarebytes Labs highlights that these fake domains shift regularly and vary in how legitimate they appear. Some might resemble real Booking.com URLs, like (booking.)guestsalerts[.]com, while others are more obscure, such as kvhandelregis[.]com. The safest approach is to avoid clicking on social media links or ads and instead navigate directly to the website by typing the URL into your browser’s address bar.

Avoid using search engines for travel bookings: Searching for travel deals on platforms like Google may expose you to “malvertising,” where scammers replicate trusted brands to lure users through top-ranking sponsored results. It’s better to book directly with hotels, airlines, or verified OTAs.

Don’t trust CAPTCHA forms from unknown sources:
"Be wary of following instructions, such as executing commands, from websites, CAPTCHA forms, or social media videos, which can easily trick you into installing malware."

Disabling JavaScript in your browser can block clipboard-based exploits, though it may also interfere with the functionality of many legitimate websites.

Cybersecurity experts continue to stress vigilance, especially during peak travel seasons when scammers often ramp up such campaigns.
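The "Always verify URLs" check above can be automated for link triage in a mail gateway or a proxy log review. The Python below is an added example, not code from Malwarebytes Labs or the original post; the function names and category labels are assumptions, and every sample input other than the two domains quoted in the article is constructed.

```python
from urllib.parse import urlsplit

LEGIT_DOMAIN = "booking.com"  # the brand's real registrable domain
BRAND_LABEL = "booking"       # label that lookalike hosts borrow


def refang(indicator: str) -> str:
    """Undo report-style defanging such as [.], (label.) and hxxp."""
    return (indicator.replace("[.]", ".").replace("(", "")
            .replace(")", "").replace("hxxp", "http"))


def hostname_of(indicator: str) -> str:
    """Return the lower-cased host the browser would actually contact."""
    text = refang(indicator.strip())
    if "://" not in text:
        text = "https://" + text
    try:
        # urlsplit drops any user@ prefix, so "booking.com@host" yields "host".
        host = urlsplit(text).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(indicator: str) -> str:
    """Label a link as official, brand-lookalike, not-booking or invalid."""
    host = hostname_of(indicator)
    if not host:
        return "invalid"
    # Only the right-hand end of the host name decides who owns it.
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "official"
    # The brand name in any other position is decoration chosen by the owner.
    if any(BRAND_LABEL in label for label in host.split(".")):
        return "brand-lookalike"
    return "not-booking"


if __name__ == "__main__":
    samples = [
        "https://www.booking.com/hotel/index.html",  # constructed
        "(booking.)guestsalerts[.]com",              # quoted in the article
        "kvhandelregis[.]com",                       # quoted in the article
        "https://booking.com@kvhandelregis.com/",    # constructed
        "http://booking.com.example.net/login",      # constructed
    ]
    for sample in samples:
        print(f"{classify(sample):16} {hostname_of(sample)}")
```

The check compares host names only; it does not detect internationalized look-alike characters or tell you whether a "not-booking" domain is malicious.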