- Experts warn about fake Booking.com sites circulating on the web
- The sites show a fake “accept cookies” banner that downloads a RAT
- Shoppers must be on guard when looking for deals
Hackers have been found targeting tourists around the world with remote access Trojans (RATs) distributed through fake Booking.com websites, experts have warned.
HP Wolf Security researchers discovered that cybercriminals have been building websites that, at first glance, resemble Booking.com: they carry the same branding, the same color scheme and the same format. However, the content of the website is blurred, and a deceptive cookie banner is shown over it.
If victims click “accept cookies”, they trigger the download of a malicious JavaScript file. This, in turn, installs XWorm, a powerful RAT that gives attackers full control over the compromised device, including access to files, webcams and microphones. Attackers can also use that access to disable security tools, deploy additional malware and exfiltrate passwords and other data.
Peak booking period
HP Wolf Security says that it first saw the campaign in the first quarter of 2025, which is the “summer vacation booking period”, and a time when “fatigue” sets in, since prospective tourists are careless and do not pay attention to the sites they are visiting, which ends in disaster.
“Since the introduction of privacy regulations, such as GDPR, cookie prompts have been normalized so much that most users have gotten into the habit of ‘click-first, think later,’” said Patrick Schläpfer, principal threat researcher at the HP Security Lab.
“By imitating the appearance of a booking site at a time when vacationers are hurrying to make travel plans, attackers do not need advanced techniques, just a welcome notice and the user’s instinct to click.”
There are some things that users can do to stay safe, and the first is to slow down when browsing.
Users should also make sure not to click on links in emails or social media messages, especially for well-established sites such as Booking.com. Instead, type the address into the browser's address bar manually.