- Phishing -e emails look common but hide malware that compromises hotel systems
- Venous area provides criminal remote access to sensitive data within hotels
- Revengehotels have worked since 2015 and customization methods to remain effective
Kaspersky has issued a warning of a new wave of cyberattacks aimed at hotel calculation systems, with special concern raised over the use of artificial intelligence -driven abuse.
The group behind these events, known as “Revengehotels”, has been active since 2015, says the company, but its activities have subsided in recent years.
However, its recent adoption of AI-generated code has made its operations more dangerous and difficult to address.
A shift in attack methods
Between June and August 2025, Kaspersky’s global research and analysis teams asked several intrusions attached to the group.
While “Revengehotels” previously depended on relatively unsophisticated malware, its latest wave of campaigns shows a clear development.
By incorporating code that is likely to be generated with AI tools, attacks can quickly produce malware variants that avoid traditional security measures.
This makes older defense less effective, although the phishing tactics used to supply malware remain largely unchanged.
The group’s method is basically simple. E emails posing as requests for hotel booking or job applications are sent to the hotel staff.
When an employee clicks, malware is known as a friend area is installed, giving the striker remote access to hotel systems.
This access can be used to capture payment card information or other sensitive guest data.
Kaspersky’s researchers note that although emails occur legitimate, the real danger lies in the harder to-to-detecting malicious payloads embedded in them.
Historically, most of these attacks have been concentrated in Brazil, where hotels have carried the activity.
However, Kaspersky has confirmed related events in Italy, and there is concern that popular tourist and business destinations throughout Africa, including South Africa, Kenya and Nigeria, could become the most important goals.
Given the global dependence on digital hotel systems, researchers warn that no region should assume immunity against such threats.
“Cyber criminals are increasingly using AI to create new tools and make their attacks more effective. This means that even well -known schemes, like phishing -e emails, are becoming more difficult to spot for a joint user,” Lisandro Ubiedo of Kaspersky’s big team said.
“For hotel guests, this translates to higher risks of theft of cards and personal information even when you trust well -known hotels.”
How to remain safe
- Training of hotel staff to recognize suspicious e emails and avoid interacting with them unnecessarily.
- Configuration of spam filters more aggressively to reduce the number of phishing messages that reach inboxes.
- Implementation of endpoint detection systems that can identify infections early before attackers get control.
- Travelers need to monitor their card activity closely to see signs of false transactions.
- Using virtual payment methods where possible to limit the exposure of actual card information.
