- Phishing emails look ordinary but hide malware that compromises hotel systems
- VenomRAT gives criminals remote access to sensitive data within hotels
- RevengeHotels has operated since 2015, adapting methods to remain effective
Kaspersky has issued a warning about a new wave of cyberattacks aimed at hotel computing systems, with particular concern raised over the use of artificial intelligence-powered assaults.
The group behind these incidents, known as “RevengeHotels,” has been active since 2015, the company says, but its activities have slowed in recent years.
However, its recent adoption of AI-generated code has made its operations more dangerous and difficult to counter.
A shift in attack methods
Between June and August 2025, Kaspersky’s Global Research and Analysis Team tracked multiple intrusions linked to the group.
While “RevengeHotels” previously relied on relatively unsophisticated malware, its latest wave of campaigns shows a clear evolution.
By incorporating code likely generated with AI tools, the attackers can quickly produce malware variants that evade traditional security measures.
This makes older defenses less effective, even though the phishing tactics used to deliver the malware remain largely unchanged.
The group’s method is simple in principle. Emails posing as hotel booking requests or job applications are sent to hotel staff.
Once an employee clicks, malware known as VenomRAT is installed, giving the attackers remote access to hotel systems.
This access can be used to capture payment card information or other sensitive guest data.
Kaspersky’s researchers note that while the emails appear legitimate, the real danger lies in the harder-to-detect malicious payload embedded within them.
Historically, most of these attacks have been concentrated in Brazil, where hotels have borne the brunt of the activity.
However, Kaspersky has confirmed related incidents in Italy, and there are concerns that popular tourist and business destinations across Africa, including South Africa, Kenya, and Nigeria, could become prime targets.
Given the global reliance on digital hotel systems, researchers caution that no region should assume immunity from such threats.
“Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user,” said Lisandro Ubiedo of Kaspersky’s GReAT team.
“For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels.”
How to stay safe
- Training hotel staff to recognize suspicious emails and avoid interacting with them unnecessarily.
- Configuring spam filters more aggressively to reduce the number of phishing messages reaching inboxes.
- Deploying endpoint detection systems that can identify infections early, before attackers gain control.
- Travelers must monitor their card activity closely to spot signs of fraudulent transactions.
- Using virtual payment methods where possible to limit exposure of actual card details.
