‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality

March 13, 2025
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
  1. Home
  2. News
  3. ‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality

A sophisticated ‘ClickFix’ phishing campaign is impersonating Booking.com to target hospitality firms with multiple infostealing malware, enabling financial fraud and theft.

The ongoing campaign, which began in December 2024, has been attributed by Microsoft Threat Intelligence to a threat cluster known as Storm-1865.

The attackers use a social engineering technique called ClickFix to specifically target individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Europe, which are likely to work with Booking.com, an online travel agency.

ClickFix sees threat actors use fake error messages that instruct users to fix issues copying, pasting and launching commands that eventually result in the download of malware.

The technique can bypass conventional and automated security features as the user infects themselves.

The tactic preys on users’ desire to fix problems themselves rather than alerting their IT team or anyone else.

The new campaign deploys multiple families of malware that have capabilities to steal financial data and credentials for fraudulent use. The malware families include XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot and NetSupport RAT.

Some samples have downloaded PowerShell, JavaScript, and portable executable (PE) content.

Microsoft said the tactics bear the hallmarks of past Storm-1865 campaigns, including targeting hotel guests by impersonating Booking.com.

“The addition of ClickFix to this threat actor’s tactics, techniques and procedures (TTPs) shows how Storm-1865 is evolving its attack chains to try to slip through conventional security measures against phishing and malware,” the researchers wrote.

Read now: Booking.com's CSO on Strengthening Security as Cyber-Attacks Target Travel Sector

How the ClickFix Campaign Works

Storm-1865 begins by sending malicious email impersonating Booking.com to the targeted individual.

The content of the emails varies significantly, including references to negative guest reviews, requests from prospective guests, online promotion opportunities account verification.

Tags:

No tags.

JikGuard.com, a high-tech security service provider focusing on game protection and anti-cheat, is committed to helping game companies solve the problem of cheats and hacks, and providing deeply integrated encryption protection solutions for games.

Explore Features>>

Top

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025

Tags

Featured BlogsTop StoriesLayoffsBlogsCultureFeaturesGenerative AIGDC 2024Horror GamesUnityUbisoftValveStaff BlogOmdia | Game Industry AnalysisGame Developer EssentialsState of the Game Industry ReportGame Developer's 2024 Wrap-Up: Top Games Devs and TrendsGame Developer CollectiveAudioDesignerSpotlight SeriesDeep Divesunity encryption[Company] UnityArtist[Company] Xbox[Company] PlayStationCooking GamesAnti-modifierGame SecurityRootRoot detectionAssetbundle encryptionGodotCareer adviceQ&A'sGameGuardianModifierAnti-RootSignature verificationUnity Hardeningab package encryptioniOS resource encryptionCECheat EngineAnti-CrackingGame Anti-HackingAnti-Hacking

Recent

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025
None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Vox sells Polygon to Valnet in a blow to video game market
May 2, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025
None
'It was really wearing people down:' The funding challenges that followed 'runaway success' Another Crab's Treasure
May 1, 2025

Popular

None
Xbox is increasing hardware prices and bumping first-party titles to $80
May 1, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Report: EA lays off hundreds of workers after canceling games at Respawn Entertainment
April 30, 2025
None
'We are frustrated:' ZeniMax union workers continue to pressure Microsoft over contract negotiations
April 30, 2025
None
Unity Protection: Comprehensive Strategies for Securing Your Game
April 29, 2025
None
Game Anti-Repackaging: The Ultimate Protection for Developers and Publishers
April 29, 2025
None
Game SSL Pinning: A Vital Shield for Unreal Engine Cheat Protection
April 29, 2025
None
Roblox, Discord sued for 'facilitating the sexual exploitation' of a minor
April 29, 2025
None
Journey developer thatgamecompany to co-host game jam with $10,000 prize pool
April 28, 2025
None
Unreal Engine Protection: Ensuring Game Security and Preventing Cheating
April 27, 2025

Random

None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Tenderfoot Tactics developer pulls title from Xbox to support pro-Palestine boycott
April 25, 2025
None
Report: Meta has laid off over 100 Reality Labs employees
April 25, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Exploring Memory Protection in Gaming: Key Techniques and Solutions
April 27, 2025
None
Journey developer thatgamecompany to co-host game jam with $10,000 prize pool
April 28, 2025
None
IO Interactive co-founder launches new 'consensus'-driven studio
April 25, 2025
None
App Shield: The Ultimate Solution for Mobile Game Protection
April 24, 2025
None
Nintendo tells customers in Japan to expect Switch 2 hardware shortage at launch
April 23, 2025

Most Views

None
Game Code Obfuscation: Essential Techniques and Tools for Developers
April 24, 2025
None
Anti Decompile: The Ultimate Game Protection Strategy
April 24, 2025
None
App Shield: The Ultimate Solution for Mobile Game Protection
April 24, 2025
None
Top-Rated App Protect Solutions for Mobile Game Developers: Ensure Security and Fair Play
April 24, 2025
None
Discord names former Activision Blizzard and King exec as its new CEO
April 24, 2025
None
Huge donation will help The Strong preserve the history of defunct Saints Row developer Volition
April 24, 2025
None
The Big Con developer Mighty Yell confirms layoffs
April 24, 2025
None
Top Mobile App Security Solution: Protecting Your Applications in 2025
April 23, 2025
None
Steam users will soon be able to search for games based on accessibility features
April 23, 2025
None
Nintendo tells customers in Japan to expect Switch 2 hardware shortage at launch
April 23, 2025