A new phishing campaign, dubbed Photo ZIP, is targeting the hospitality industry. Microsoft detected that attackers are sending ZIP files disguised as photos to sneak in a malicious Node.js program. The goal is to steal sensitive guest data, such as credit card numbers or reservation details. If hotel staff fall for the trick, customer data is exposed.
Node.js as a Backdoor: The Technical Detail of the Attack 🛡️
The malware hides inside a ZIP file that appears to contain images. When opened, a Node.js script executes, establishing a remote connection with the attackers. This script enables credential theft, exfiltration of reservation databases, and capture of payment information. Microsoft researchers note that the campaign specifically targets front desk and administrative staff, using emails with subjects related to reservations or events.
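A mail gateway or help desk can check whether a "photo" ZIP really holds only images before anyone opens it. The Python sketch below is an added example, not code from Microsoft or from the campaign. The function names, the extension list and the sample archive are assumptions made for illustration, since the page does not name the file types used.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Leading bytes of the image types a photo archive would plausibly contain.
IMAGE_MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
               ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
# Assumed, non-exhaustive list of extensions that run code when opened.
ACTIVE_EXT = {".js", ".mjs", ".cjs", ".jse", ".vbs", ".wsf", ".hta", ".lnk",
              ".bat", ".cmd", ".ps1", ".exe", ".scr", ".msi"}

def triage_photo_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that is not a plain image."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            ext = suffixes[-1] if suffixes else ""
            if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append((info.filename, "encrypted entry"))
            elif ext in ACTIVE_EXT:
                disguised = any(s in IMAGE_MAGIC for s in suffixes[:-1])
                findings.append((info.filename, "image name with executable double extension"
                                 if disguised else "script or executable entry"))
            elif ext in IMAGE_MAGIC:
                with zf.open(info) as fh:
                    head = fh.read(8)
                if not head.startswith(IMAGE_MAGIC[ext]):
                    findings.append((info.filename, "image extension but content is not an image"))
            else:
                findings.append((info.filename, "not an image type"))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive; names and contents are made up for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/pool.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("photos/room_photo.jpg.js", b"// placeholder script body\n")
        zf.writestr("photos/lobby.jpg", b"not really a jpeg")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in triage_photo_zip(build_sample()):
        print(f"{name}: {reason}")
```

Any finding is a reason to quarantine the attachment for review; an empty list only means the entries look like images, not that they are safe.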
Your Dream Hotel, Now with WiFi and Free Malware 🏨
Because nothing says welcome like the receptionist opening a file named photo_of_your_room.zip and ending up giving your data to a cybercriminal. It's no longer enough to check for bedbugs; now you have to ask if the reservation system has antivirus. Sure, the minibar is still expensive, but at least now you know the real danger isn't the 10-euro bottle of water, but the email the front desk person opened.