The popularity of Booking.com, one of the world’s biggest and most used online hotel reservation agencies, is being misused in the latest malware distribution campaign.
According to MX Lab researchers, the campaign takes the form of emails supposedly coming from the agency, confirming a bogus reservation.
They urge the recipient to download and open the attached .zip file, which contains an executable by the name of Hotel-Booking_Confirmation.exe.
As expected, the file is actually malicious – a new strain of the Andromeda backdoor Trojan, which is currently detected by 27 of the 42 AV solutions used by VirusTotal.
Regular users of Booking.com are advised to be on the lookout for this type of email and to remember that the agency would never include an attachment in its emails to customers.