Ads on gaming and social media sites have been leveraged to redirect users to fake Booking.com websites that spread the AsyncRAT backdoor as part of an attack campaign that commenced in mid-May, reports Cybernews.
Threat actors behind the campaign have used at least 14 different addresses for the counterfeit Booking.com sites, which lure visitors into ticking a fake CAPTCHA prompt that enables clipboard copying permissions, as well as executing a Run command, findings from Malwarebytes Labs showed. Such action is followed by the pasting of an obfuscated malicious script into a Run box and the opening of a concealed PowerShell window before the eventual installation of AsyncRAT, according to MalwareBytes Labs researchers, who urged users to not only avoid websites offering suspicious instructions but also implement domain-blocking browser extensions and anti-malware solutions. Such a scheme comes after Booking.com was exploited in separate intrusions involving credential-stealing malware and hotel staff-targeted phishing.
Threat actors behind the campaign have used at least 14 different addresses for the counterfeit Booking.com sites, which lure visitors into ticking a fake CAPTCHA prompt that enables clipboard copying permissions, as well as executing a Run command, findings from Malwarebytes Labs showed. Such action is followed by the pasting of an obfuscated malicious script into a Run box and the opening of a concealed PowerShell window before the eventual installation of AsyncRAT, according to MalwareBytes Labs researchers, who urged users to not only avoid websites offering suspicious instructions but also implement domain-blocking browser extensions and anti-malware solutions. Such a scheme comes after Booking.com was exploited in separate intrusions involving credential-stealing malware and hotel staff-targeted phishing.
