Ethical Hacking News
Kaspersky warns of the resurgence of "RevengeHotels" with AI-coded malware putting hotel guests' personal data at risk. Despite familiar tactics, the use of AI-generated code makes detection more challenging for hotels and travelers alike.
The Kaspersky Global Research and Analysis Team (GReAT) has identified a resurgence of the "RevengeHotels" group, which is now using artificial intelligence to supercharge its scams. The group is deploying malware with AI-generated code, making it harder for security tools to detect and more effective at exploiting hotel staff. The phishing emails are disguised as booking requests or job applications, delivering a remote access trojan (RAT) that grants attackers control over infected machines and personal data. The attacks have already surfaced in Brazil, Italy, and other countries, with hotel guests' card and personal data at risk of theft. Hotel staff can recognize suspicious emails and adjust spam filters to defend against the attack, while travelers can limit exposure by monitoring card activity or using virtual payment methods.
Kaspersky Global Research and Analysis Team (GReAT) has sounded the alarm over the resurgence of the infamous hotel-hacking outfit "RevengeHotels," which it claims is now utilizing artificial intelligence to supercharge its scams. Between June and August this year, Kaspersky GReAT discovered that RevengeHotel was deploying malware with AI-generated code, making its intrusions more challenging to detect and significantly more effective.
The core playbook remains largely familiar: phishing emails disguised as booking requests or job applications land in the inboxes of hotel staff. Upon opening them, these emails deliver a remote access trojan (RAT) known as VenomRAT, granting attackers control over the infected machine and a pathway to guests' card data and other personal details.
While the social engineering tactics used by RevengeHotels are hardly new-school, the malware's AI-crafted underpinnings represent a disturbing escalation in sophistication. According to Lisandro Ubiedo of Kaspersky's GReAT team, "Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user." For hotel guests, this translates into higher risks of card and personal data theft, even when they trust well-known hotels.
Brazil has thus far borne the brunt of the latest wave of RevengeHotel attacks, but incidents have already surfaced elsewhere. Italian hotels were breached en masse since June, with government confirmation of these breaches. Furthermore, an "angry guest" email from Booking.com is revealed to be a scam, rather than a 1-star review. Hotel check-in terminal bugs have also been discovered, spewing out access codes for guest rooms.
Cyberattack hits Omni Hotels systems, taking out bookings, payments, and door locks, while 3 million doors opened to uninvited guests in a keycard exploit. RevengeHotels' use of AI-generated code marks a shift from the group's previous campaigns, which relied on cookie-cutter malware and crude phishing. By leveraging auto-generated code, the crew can churn out fresh-looking variants that slip past older security tools yet are simple enough to include a bog-standard phishing email. For hotel IT staff, this means the tricks look familiar, but the malware buried inside is far harder to spot and shut down.
Kaspersky's recommended defenses will be familiar to any security pro: hotels should train their staff to recognize suspicious emails, adjust spam filters, and deploy endpoint detection tools that can flag infections early. Travellers, meanwhile, can limit exposure by monitoring card activity closely or using virtual payment methods where possible.
RevengeHotels is not new to this game. The group has been active for more than a decade, targeting hotels, hostels, and other tourism outfits since 2015. Besides skimming card details, they've been selling access to compromised property systems on dark-web markets so that other crooks can swoop in and run scams.
Related Information:
https://www.ethicalhackingnews.com/articles/Kaspersky-Sounds-the-Alarm-RevengeHotels-AI-Generated-Malware-Resurges-Putting-Hotel-Guests-at-Risk-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/09/23/kaspersky_revengehotels_checks_back_in/
https://www.theregister.com/2025/09/23/kaspersky_revengehotels_checks_back_in/
https://www.msn.com/en-us/technology/artificial-intelligence/kaspersky-revengehotels-checks-back-in-with-ai-coded-malware/ar-AA1N9gak
Published: Tue Sep 23 10:28:01 2025 by llama3.2 3B Q4_K_M
