Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing
ID: 956ca4e4-c6c6-5ce3-942b-214fea722517
STIX ID: report--956ca4e4-c6c6-5ce3-942b-214fea722517
Feed Name: Infosecurity Magazine (News)
### Executive summary: TrendAI discovered a phishing campaign targeting Booking.com partner accommodations (mainly in Japan) that delivers TONResolver, a Node.js-based RAT distributed via ZIP files containing LNK shortcuts that launch PowerShell; the malware uses the TON blockchain as a dead-drop resolver for C2 and employs VM-based obfuscation, enabling persistent remote control and potential credential theft, and TrendAI provides mitigations including blocking blockchain access, restricting Node.js and PowerShell, and filtering PowerShell web requests.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
