SecuriTricks - booking.com

CastleLoader Activity Clusters Target Multiple Industries

Insikt Group has identified four distinct activity clusters associated with GrayBravo's CastleLoader malware, each with unique tactics and victim profiles. This supports the assessment that GrayBravo operates a malware-as-a-service model. One cluster, TAG-160, impersonates logistics firms and uses …

phishing

matanbuchus

Published: December 9, 2025

Downloadable IOCs: 87

Booking.com Phishing Campaign Targeting Hotels and Customers

A sophisticated phishing campaign is targeting the hospitality industry, specifically Booking.com partners and their customers. The attackers first compromise hotel administrators' systems using malware like PureRAT, gaining access to booking management accounts. They then use this access to conduc…

Published: November 7, 2025

Downloadable IOCs: 100

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

A phishing campaign targeting organizations in the hospitality industry has been identified, impersonating Booking.com and using the ClickFix social engineering technique to deliver multiple credential-stealing malware. The campaign, tracked as Storm-1865, targets individuals likely to work with Bo…

Published: April 13, 2025

Downloadable IOCs: 0

Booking.com Phishers May Leave You With Reservations

A recent spear-phishing campaign targeted a California hotel after its Booking.com credentials were stolen. The scam involved sending targeted messages within the Booking mobile app, claiming additional information was required for anti-fraud purposes. Booking.com confirmed a security incident affe…

Published: November 2, 2024

Downloadable IOCs: 0

Tag: booking.com

Attack reports

CastleLoader Activity Clusters Target Multiple Industries

Booking.com Phishing Campaign Targeting Hotels and Customers

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

Booking.com Phishers May Leave You With Reservations