ClickFix attack delivers infostealers, RATs in fake Booking.com emails

Summary: Microsoft has issued a warning about a phishing campaign impersonating Booking.com that employs ClickFix social engineering tactics to deploy malware among hospitality workers. This campaign, attributed to the threat group Storm-1865, aims to steal customer payment details and personal information through various malicious methods. As the campaign continues, Microsoft advises organizations to be vigilant and verify communications’ legitimacy.

Affected: Hospitality organizations using Booking.com

Keypoints :

Storm-1865 uses ClickFix attacks that trick users into executing malicious commands via fake error prompts.
Phishing emails appear as legitimate inquiries related to Booking.com, directing victims to malicious CAPTCHA pages.
The executed commands lead to the installation of various malware types, including infostealers and remote access trojans.
Microsoft recommends confirming sender legitimacy and independently verifying account statuses to mitigate risks.

Source: https://www.bleepingcomputer.com/news/security/clickfix-attack-delivers-infostealers-rats-in-fake-bookingcom-emails/

Tags: SOCIAL ENGINEERING, PAYLOAD, PHISHING, EMAIL, WINDOWS, FINANCIAL