A new RevengeHotels campaign targets Latin America

Sept. 16, 2025, 2:10 p.m.

Description

RevengeHotels, a threat group active since 2015, has launched a new campaign targeting the hospitality sector in Latin America. The group has evolved its tactics, now utilizing AI-generated code and the advanced VenomRAT malware. Their primary attack vector remains phishing emails with invoice themes, but they've expanded to include fake job applications. The campaign primarily targets Brazilian hotels, with some attacks directed at Spanish-speaking markets. VenomRAT, an evolution of QuasarRAT, offers enhanced capabilities including anti-kill protection, USB spreading, and advanced stealth techniques. The threat actors are leveraging AI to generate more sophisticated phishing lures and malicious code, indicating a significant advancement in their operational capabilities.

Date

  • Created: Sept. 16, 2025, 1:41 p.m.
  • Published: Sept. 16, 2025, 1:41 p.m.
  • Modified: Sept. 16, 2025, 2:10 p.m.

Attack Patterns

  • DesckVBRAT
  • 888 RAT
  • ProCC
  • NanoCoreRAT
  • RevengeRAT
  • LV
  • Bladabindi
  • Njw0rm
  • njRAT - S0385
  • VenomRAT
  • XWorm
  • RevengeHotels

Additional Information

  • Hospitality
  • Costa Rica
  • Bolivia, Plurinational State of
  • Chile
  • Argentina
  • Spain
  • Belarus
  • Mexico
  • Brazil
  • Russian Federation

Linked vulnerabilities