https://www.infosecurity-magazine.com/news/clickfix-phishing-scam-booking/
A sophisticated ‘ClickFix’ phishing campaign is impersonating Booking.com to target hospitality firms with multiple infostealing malware, enabling financial fraud and theft.
The ongoing campaign, which began in December 2024, has been attributed by Microsoft Threat Intelligence to a threat cluster known as Storm-1865.
The attackers use a social engineering technique called ClickFix to specifically target individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Europe, which are likely to work with Booking.com, an online travel agency.
ClickFix sees threat actors use fake error messages that instruct users to fix issues copying, pasting and launching commands that eventually result in the download of malware.
The technique can bypass conventional and automated security features as the user infects themselves…
