Recommended reading

Holidaymakers under threat from devious new cyber threat - here's how to stay safe

News
By published

Fake Booking.com site found dropping a dangerous RAT to people's computers

Beach Reading
(Image credit: Lance Ulanoff)
  • Experts warns of fake Booking.com sites circulating the web
  • The sites come with a fake "Accept Cookie" prompt that downloads a RAT
  • Shoppers should be on their guard when searching for deals

Hackers have been found targeting holidaymakers around the world with remote access trojans (RAT) distributed through fake Booking.com websites, experts have warned.

Researchers from HP Wolf Security found cybercriminals have been making websites that, on first glance, look just like booking.com - they carry the same branding, the same color scheme, and same formatting. However, the content of the website is blurred, and over it, a deceptive cookie banner is displayed.

If victims press “Accept cookies”, they’ll trigger a download of a malicious JavaScript file. This, in turn, installs XWorm, a powerful RAT that grants the attackers full control over the compromised device, including access to files, webcams, and microphone. They can also use the access to disable security tools, deploy additional malware, and exfiltrate passwords and other data.

Peak booking period

HP Wolf Security says it first spotted the campaign in Q1 2025, which is “peak summer holiday booking period”, and a time when “click fatigue” sets in, as prospective holidaymakers are reckless and don’t pay attention to the sites they’re visiting, ending in disaster.

"Since the introduction of privacy regulations such as GDPR, cookie prompts have become so normalized that most users have fallen into a habit of ‘click-first, think later,’” commented Patrick Schläpfer, Principal Threat Researcher in the HP Security Lab.

“By mimicking the look and feel of a booking site at a time when holiday-goers are rushing to make travel plans, attackers don’t need advanced techniques - just a well-timed prompt and the user’s instinct to click.”

There are a few things users can do to stay safe, and the first one is - to slow down when browsing.

Users should also make sure not to click on links in emails or social media messages, especially for well-established sites such as Booking. Instead, type in the address in the browser’s navigation bar manually.

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.