A series of hotels and accommodation facilities in Vietnam attacked through virus-infected emails impersonating Booking.com
01:52:00 | 09-12-2025

A global cyberattack campaign called ClickFix is now targeting Vietnam, focusing on hotels, homestays, resorts and accommodation providers. Cybercriminals impersonate well-known booking platforms such as Booking.com and Expedia, sending emails with subjects like “Booking Confirmation,” “Customer Complaint,” “Payment Update,” or “Cancellation Notice.” These emails are disguised to look legitimate and contain links or Excel files posing as invoices or booking details but actually carrying malware.

Because it is difficult to distinguish between real and fake emails, users may lower their guard. Just clicking a link or opening an attachment activates the malware. From there, attackers can take control of the device, steal customer data—leading to personal information leaks—or install spyware to further infiltrate the system.

According to Bkav researchers, the ClickFix campaign uses PureRAT, a type of Remote Access Trojan (RAT) that grants attackers remote control, monitors user activity, steals passwords, expands lateral movement within internal networks, and hides persistently, making detection difficult.

Even more concerning, ClickFix appears to operate under an “Attack-as-a-Service” model, meaning attackers can purchase ready-made tools and launch attacks without advanced technical skills.

Vietnam has tens of thousands of accommodation establishments listed on major booking platforms such as Booking.com, Agoda, Traveloka, and Airbnb. This group is especially at risk because receptionists and booking staff often lack proper cybersecurity training and can be easily fooled by professional-looking fake booking emails.

With the New Year and Lunar New Year holidays approaching and travel demand increasing, the public and accommodation staff must remain highly vigilant:

  • Carefully check the sender’s email address

  • Do not open unknown attachments or links

  • Prefer accessing booking platforms through official apps or websites

  • Install email monitoring systems, antivirus software, and comprehensive anti-malware solutions, as built-in security tools in operating systems only provide basic protection and are insufficient against modern ransomware and long-term stealthy malware

 

Bkav

Share
Các tin bài khác