
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
Key Points:
- Cybersecurity researchers have uncovered a new phishing campaign called PHALT#BLYX targeting the European hospitality sector, using fake Booking.com reservation cancellation emails to deliver a remote access trojan (RAT) named DCRat.
- The attack chain involves redirecting victims to a counterfeit Booking.com site that displays fake blue screen of death (BSoD) errors, tricking users into running malicious PowerShell commands that deploy the malware.
- DCRat uses a multi-stage process involving an MSBuild project file to evade detection by disabling or bypassing Microsoft Defender Antivirus and establishing persistence on infected systems.
- The malware can harvest sensitive data, execute arbitrary commands, log keystrokes, and install additional payloads like cryptocurrency miners,
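Detection logic for the chain in the key points above, added here as an example and not taken from the researchers' report: it flags `MSBuild.exe` processes that have a PowerShell ancestor in process-creation records. The event field names, the sample records, and the assumption that MSBuild runs as a descendant of the PowerShell process are constructed for illustration.

```python
import ntpath

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
# Users, paths and command lines are illustrative, not indicators from the campaign.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "cmd": "powershell <constructed>",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd /c <constructed>"},
    {"pid": 220, "ppid": 210, "cmd": r"MSBuild.exe C:\Users\frontdesk\AppData\Local\Temp\v.proj",
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"},
    # Benign contrast: a developer IDE starting a build (constructed path).
    {"pid": 300, "ppid": 100, "image": r"C:\VS\devenv.exe", "cmd": "devenv.exe"},
    {"pid": 310, "ppid": 300, "cmd": r"MSBuild.exe C:\src\app\app.csproj",
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"},
]

POWERSHELL_NAMES = {"powershell.exe", "pwsh.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def ancestors(pid, by_pid):
    """Yield ancestor events from the parent upward; stop at unknown PIDs or loops."""
    seen = {pid}
    ev = by_pid.get(pid)
    while ev and ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid[ev["ppid"]]
        yield ev


def find_msbuild_under_powershell(events):
    """Return MSBuild process events whose ancestry contains PowerShell."""
    # Real telemetry should key on a unique process GUID, since PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["image"]) != "msbuild.exe":
            continue
        chain = [image_name(a["image"]) for a in ancestors(e["pid"], by_pid)]
        if any(name in POWERSHELL_NAMES for name in chain):
            hits.append({"pid": e["pid"], "cmd": e["cmd"], "chain": chain})
    return hits
```

Walking the full ancestry rather than only the direct parent catches the case where an intermediate process such as `cmd.exe` sits between PowerShell and MSBuild.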









