Kaspersky Warns Travelers: AI-Powered Attacks Are Targeting Hotel Guests

(MENAFN- Mid-East Info) If you've recently stayed at a hotel in Brazil or Spain, your credit card details might be at risk. Between June and August 2025, Kaspersky's Global Research and Analysis Team GReAT discovered a new wave of cyberattacks by a threat group called RevengeHotels, which targets hotels to gain access to guests' payment information. The group has operated since 2015 and has since upgraded its methods. The threat actor is now using artificial intelligence to make attacks more effective and reach additional regions. Analysis shows that many of the new malicious programs used in these attacks contain code likely generated with AI, making them more sophisticated and harder to detect.

Brazilian hotels are the main targets, but attacks have also been reported in countries such as Argentina, Bolivia, Chile, Costa Rica, Mexico, and Spain. Earlier there was another campaign discovered from the same actor, which targeted users in Russia, Belarus, Turkey, Malaysia, Italy and Egypt.

How the attacks work: the threat actor sends phishing emails directly to hotel staff, often disguised as requests for reservation or job applications. Once a hotel employee interacts with these emails, malware called VenomRAT is installed on the hotel's systems, giving attackers access to guests' payment data and other sensitive information. The emails often look convincing, coming from legitimate-looking websites or Portuguese-themed domain names.

“Сybercriminals are often using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user. For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels,” comments Lisandro Ubiedo, expert at Kaspersky's Global Research and Analysis Team.

To stay safe, Kaspersky recommends:

• Even if an email seems friendly, treat links and attachments with care. To protect your company use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry.
• Cybercriminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware. If attackers are specifically targeting your organization, the email text may be more customized, mimicking services or scenarios familiar to your company. With that in mind, fine-tune your antispam settings and never open attachments sent by an unknown sender.
• Try not to open unexpected files sent by you massively. They may be ransomware or even spyware, even attachments from official-looking emails.

About Kaspersky:

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them.

MENAFN18092025005446012082ID1110080891