RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign

The cybercrime group known as RevengeHotels, also tracked as TA558, has launched a new wave of attacks against the hospitality sector, evolving its tactics with the help of Artificial Intelligence (AI) and a powerful new malware strain, VenomRAT. Active since 2015, RevengeHotels has long targeted hotels, travel agencies, and tourism businesses to steal credit card data from guests and travelers. But in 2025, the group has demonstrated a major leap in sophistication.In its latest campaign—observed in Brazil and spreading through Latin America and Europe—RevengeHotels shifted its phishing lures from fake invoices to job application emails containing malicious attachments. Victims who click the links are redirected to attacker-controlled sites hosting AI-generated malicious JavaScript and PowerShell scripts, designed to evade detection and deploy malware in stages.The final payload is VenomRAT, a remote access trojan that gives attackers hidden virtual desktop control, allowing them to harvest sensitive guest data, exfiltrate files, and even propagate via infected USB drives. This new malware marks a significant upgrade from the group’s legacy toolkit of older RATs like NjRAT and NanoCore.Kaspersky researchers warn that RevengeHotels’ adoption of AI for generating code and phishing lures makes its operations more scalable, multilingual, and harder to defend against. With the group’s geographic footprint widening and its technical arsenal advancing, hotels worldwide—especially those in Brazil, Mexico, Spain, and other travel hubs—are now at greater risk of credit card theft and large-scale data compromise.This episode breaks down who RevengeHotels is, how their tactics have evolved, and why AI-driven malware campaigns could reshape the future of cybercrime against the global hospitality sector.#RevengeHotels #TA558 #CyberCrime #VenomRAT #AIThreats #Hospitality #Hotels #CreditCardTheft #Phishing #Brazil #CyberSecurity #Malware #ThreatIntelligence

There are no comments yet.

Please log in to write the first comment.