ClickFix attack delivers infostealers, RATs in fake Booking.com emails

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. The campaign started in December 2024 and continues today, targeting employees at hospitality organizations such as hotels, travel agencies, and other businesses that use Booking.com for reservations. The threat actors' goal is to hijack employee accounts on the Booking.com platform and then steal customer payment details and personal information, potentially using it to launch further attacks on guests. Microsoft security researchers who discovered this campaign attribute the activity to a threat group it tracks as 'Storm-1865.' ClickFix meets Booking.com ClickFix is a relatively new social engineering attack that displays fake errors on websites or in phishing documents and then prompts users to perform a "fix" "captcha" to view the content. However, these fake fixes are ... Read full article.