Kaspersky detects credit card data leak from hotels worldwide
MOSCOW, Dec 2 (PRIME) -- Russian antivirus software maker Kaspersky has detected a leak of credit card data stored in hotel administration systems, including those received from online travel agencies, the company said in a statement seen by PRIME on Monday.
УKaspersky telemetry confirmed targets in Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. However, based on data extracted from Bit.ly, a popular link shortening service used by the attackers to spread malicious links, Kaspersky researchers assume that users from many other countries have at least accessed the malicious link, suggesting that the number of countries with potential victims could be higher,Ф the statement read.
RevengeHotels is a campaign that includes different groups using traditional Remote Access Trojans (RATs) to infect businesses in the hospitality sector. The campaign has been active since 2015 but has gone on to increase its presence in 2019. At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved.
The main attack vector in this campaign is e-mails with crafted malicious Word, Excel or PDF documents attached.
Once infected, the computer could be accessed remotely not just by the cybercriminal group itself, evidence collected by Kaspersky researchers shows that remote access to hospitality desks and the data they contain is sold on criminal forums on a subscription basis.