Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

The attacker’s modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments. This campaign leverages spear-phishing emails that impersonate Booking.com to redirect victims to malicious websites, employing the ClickFix social engineering tactic to deploy PureRAT.

The end goal of the campaign is to steal credentials from compromised systems that grant threat actors unauthorized access to booking platforms like Booking.com or Expedia, which are then either sold on cybercrime forums or used to send fraudulent emails to hotel customers to conduct fraud.

“ClickFix pages are becoming increasingly sophisticated, making it more likely that victims will fall for the social engineering,” Push Security said. “ClickFix payloads are becoming more varied and are finding new ways to evade security controls.”

To read the complete article see: The Hacker News.