# RevengeHotels: AI-Powered Phishing Attacks Target Hotel Systems
The RevengeHotels collective has taken its phishing attacks to the next level, leveraging artificial intelligence to refine its malicious code and infiltrate hotel systems. This latest campaign aims to harvest payment data and sensitive customer information from hotels in Brazil, Latin America, and Europe.
According to Kaspersky, hackers are now using AI-generated code to deploy booby-trapped emails that contain VenomRAT malware. This malware allows for file exfiltration and full control of infected computers, making it a powerful tool for cybercriminals. The RevengeHotels group has been active since 2015, but this latest campaign shows a significant increase in sophistication.
The attacks begin with fraudulent emails posing as invoices or job applications. When an employee opens the attachment, the VenomRAT spyware installs itself, giving hackers control over the machine. The malware is designed to collect credentials, files, and sensitive data while providing remote administration capabilities.
Kaspersky researchers have observed that the code used in this campaign shows signs of automation through language models. Artificial intelligence appears to have been leveraged to generate cleaner, better-documented code, making it harder to detect. Analysts see this as a sign of criminals increasingly using AI as a force multiplier.
# A Growing Threat to Hotel Security
Hotels are prime targets for cybercriminals due to their storage of sensitive customer information and payment data. The current campaign shows a wider reach than previous attacks, with emails in Spanish targeting hotels in Mexico, Argentina, Chile, Costa Rica, and Spain.
The playbook remains the same: breach hotel management systems and extract stored information. These databases extend beyond credit card numbers, also including IDs, passports, and administrative records required at check-in. The ultimate goal of RevengeHotels is to exploit hotel infrastructures to harvest large volumes of financial and personal data.
# AI-Powered Cybercrime
RevengeHotels is not an isolated case. Several groups are now exploiting artificial intelligence to sharpen their attacks. Kaspersky highlights this as part of a broader trend, echoed by other recent incidents.
South Korean company Genians reported that North Korean hackers used ChatGPT to create fake military ID cards in a phishing operation targeting defense-related organizations. OpenAI also confirmed in June that state actors were exploiting its models to refine malware, generate fake professional profiles, and spread online disinformation.
These cases show that AI is becoming a strategic tool for diverse threat actors, from profit-driven criminal groups to states running offensive intelligence operations. The RevengeHotels attacks confirm that artificial intelligence is becoming a lever for industrializing cybercrime.
# A Call to Action
The hotel industry has become a prized data reservoir for cybercriminals and potentially exploitable by hostile intelligence services. It's essential to strengthen the security of these infrastructures, which play a crucial role in international tourism.
To avoid detection, RevengeHotels rotates domain names and frequently modifies malware payloads. This rapid turnover hinders traditional defenses. However, with the increasing sophistication of AI-powered cybercrime tools, it's essential for hotels to adopt more advanced security measures to protect themselves against these threats.
The open question remains: how to strengthen the security of hotel systems in the face of this growing threat? As AI continues to evolve as a tool for cybercriminals, it's crucial that the industry stays ahead of the curve and takes proactive steps to protect itself.