Kaspersky: RevengeHotels checks back in with AI-coded malware
Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk
Kaspersky has raised the alarm over the resurgence of hotel-hacking outfit "RevengeHotels," which it claims is now using artificial intelligence to supercharge its scams. Between June and August this year, Kaspersky's Global Research and Analysis Team (GReAT) found the group deploying malware with AI-generated code, making its intrusions harder to detect and far more effective.
The core playbook remains familiar: phishing emails, disguised as booking requests or job applications, land in the inboxes of hotel staff. Once opened, they deliver a remote access trojan known as VenomRAT, giving attackers control of the infected machine and a path to guests' card data and other personal details.
While the social engineering may be old-school, the malware's AI-crafted underpinnings represent a troubling leap in sophistication, Kaspersky says. "Cybercriminals are increasingly using AI to create new tools and make their attacks more effective," said Lisandro Ubiedo of Kaspersky's GReAT team. "This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user."
"For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels," Ubiedo added.
The Russian cybersecurity firm says that Brazil has so far borne the brunt of the latest wave of RevengeHotels attacks, but notes that incidents have already surfaced elsewhere. The group's use of AI-generated code marks a shift from RevengeHotels' previous campaigns, which relied on cookie-cutter malware and crude phishing.
By leaning on auto-generated code, the crew can churn out fresh-looking variants that slip past older security tools, yet are simple enough to include in a bog-standard phishing email. For hotel IT staff, that means the tricks look familiar, but the malware buried inside is far harder to spot and shut down.
Kaspersky's recommended defences will be familiar to any security pro: hotels should train staff to recognise suspicious emails, adjust spam filters, and deploy endpoint detection tools that can flag infections early. Travellers, meanwhile, can limit exposure by monitoring card activity closely or using virtual payment methods where possible.
A decade of deceit
RevengeHotels isn't new to this game. The group has been active for more than a decade, targeting hotels, hostels and other tourism outfits since 2015. Besides skimming card details, they've been flogging access to compromised property systems on dark-web markets so other crooks can swoop in and run scams.
This latest resurgence is a stark reminder of the ongoing threat posed by sophisticated cybercrime groups like RevengeHotels. As AI-powered attacks continue to evolve, it's essential for hotels and travellers alike to stay vigilant and take proactive measures to protect themselves from these types of threats.