Newsletters
Cybersecurity company Kaspersky has discovered a wave of artificial intelligence-powered cyberattacks targeting hotel guests, putting payment and personal data at risk.
The campaign was first detected in Brazil but has also reached hotels in Argentina, Bolivia, Chile, Costa Rica, Mexico and Spain.
A previous campaign by the same attacker targeted users in Russia, Belarus, Türkiye, Malaysia, Italy and Egypt.
According to Kaspersky’s statement to Anadolu Agency (AA), attackers send phishing emails that look like reservation requests or job applications directly to hotel staff.
Once an employee interacts with these emails, malicious software called VenomRAT installs on the hotel’s systems.
This gives cybercriminals access to:
The phishing emails often appear to come from legitimate websites or domains with Portuguese-language themes, making them harder to spot.
Kaspersky Global Research and Analysis Team expert Lisandro Ubiedo said AI is making cyberattacks more effective.
“Cybercriminals often use artificial intelligence to create new tools and make their attacks more convincing,” Ubiedo said.
“Even if you trust well-known hotels, the risk of card and personal data theft may increase.”
He added that AI-generated phishing emails are now difficult for the average user to detect.
Kaspersky shared several steps travelers and hotels can take to reduce risk:
Hotels hold sensitive information about guests, including credit card details and passport scans.
Successful breaches can expose this data to criminal groups, leading to financial loss and identity theft.
Travelers are urged to stay alert and confirm suspicious communications directly with the hotel before sharing information.
2 min read
