- Phishing’s emails are ordinary but they hide malware that compromises hotel systems
- Venomrat offers criminals remote access to confidential data within hotels
- Revengehotels has operated since 2015, adapting methods to remain effective
Kaspersky has issued a warning on a new wave of cyber attacks aimed at hotel computer systems, with a particular concern raised about the use of intelligence artificial assaults.
The group behind these incidents, known as “Vengengehotel”, has been active since 2015, says the company, but its activities have slowed in recent years.
However, its recent adoption of the code generated by AI has made its operations more dangerous and difficult to counteract.
A change in attack methods
Between June and August, 2025, Kaspersky’s global analysis and analysis team tracked multiple intrusions linked to the group.
While “Revengehotels” was previously based on relatively little sophisticated malware, its last wave of campaigns shows clear evolution.
When incorporating the code probably generated with AI tools, attackers can quickly produce malware variants that evade traditional security measures.
This makes older defenses less effective, despite the fact that phishing tactics used to deliver the malware remain largely unchanged.
The group’s method is simple in principle. Electronic emails that are submitted as reserve requests of hotels or job requests are sent to the hotel staff.
Once an employee clicks, the malware known as Venomrat is installed, which gives attackers remote access to hotel systems.
This access can be used to capture payment card information or other confidential data of guests.
Kaspersky researchers point out that, although emails seem legitimate, real danger lies in the most difficult malicious payload integrated into them.
Historically, most of these attacks have concentrated in Brazil, where hotels have taken the worst part of the activity.
However, Kaspersky has confirmed related incidents in Italy, and there is concern that popular tourist and commercial destinations in Africa, including South Africa, Kenya and Nigeria, could become main objectives.
Given the global dependence of digital hotel systems, researchers warn that no region must assume the immunity of such threats.
“Cybercriminals are increasingly using new tools and making their attacks more effective. This means that even family schemes, such as PHISHING Electronic Posts, are increasingly difficult to detect for a common user,” said Lisandro Ubiedo of the great Kaspersky team.
“For hotel guests, this translates into greater risks of data theft and personal data, even when it trusts known hotels.”
How to stay safe
- Train hotel staff to recognize suspicious emails and avoid interacting with them unnecessarily.
- Spam filter configuration more aggressively to reduce the amount of phishing messages that reach the inboxes.
- Implementation of final points detection systems that can identify early infections, before the attackers obtain control.
- Travelers must monitor their close card activity to detect fraudulent transactions signs.
- Using virtual payment methods whenever possible to limit the exposure of real card details.
