Sophos X-Ops Alerts: ‘Inhospitality’ Malspam Targets Hotels with Deceptive Tactics

Sophos X-Ops is warning that the “Inhospitality” malspam campaign combines social engineering and malware to target the hospitality industry specifically. By capitalizing on the sector’s commitment to customer service, the campaign has emerged as a significant threat, particularly to hotels’ front-desk operations.

The attackers initiate contact through emails disguised as complaints or information requests related to hotel services. These emails, crafted to provoke an urgent response, contain no malicious content initially. It’s only after a hotel representative responds that the attackers send a follow-up email with links to malicious payloads.

The campaign leverages a variety of emotionally charged scenarios, from allegations of poor service to requests for special accommodations. These messages often contain links to cloud storage services like Google Drive, along with passwords for accessing the alleged documents, which are, in reality, malware in password-protected archive files.
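
The two-stage pattern described above (a link-free opener, a staff reply, then a follow-up carrying a cloud-storage link and a password) can be expressed as a mail-thread heuristic. The sketch below is an added example, not code from Sophos or the original article; the `Message` fields, the host list, the domains and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: host list is illustrative; the article names only Google Drive.
SHARE_HOSTS = ("drive.google.com",)
URL_RE = re.compile(r"https?://([^/\s:]+)", re.I)
PASSWORD_RE = re.compile(r"\bpass(word|code)\b", re.I)

@dataclass
class Message:  # hypothetical record, e.g. built from a mail gateway export
    thread_id: str
    sender: str
    body: str

def has_share_link(body):
    hosts = [h.lower() for h in URL_RE.findall(body)]
    return any(h == s or h.endswith("." + s) for h in hosts for s in SHARE_HOSTS)

def flag_threads(messages, hotel_domain):
    """Flag threads shaped like: external opener without links, staff reply,
    then an external follow-up with a file-share link and a password."""
    stage, flagged = {}, []
    for m in messages:  # assumed to be in chronological order
        external = not m.sender.lower().endswith("@" + hotel_domain)
        s = stage.get(m.thread_id, 0)
        if s == 0:  # opener must be external and link-free, else ignore thread
            s = 1 if external and not URL_RE.search(m.body) else -1
        elif s == 1 and not external:
            s = 2  # a hotel representative answered
        elif s == 2 and external and has_share_link(m.body) \
                and PASSWORD_RE.search(m.body):
            s = 3
            flagged.append(m.thread_id)
        stage[m.thread_id] = s
    return flagged

# Constructed sample messages (not taken from the campaign).
SAMPLE = [
    Message("t1", "guest@mail.example", "I had a terrible stay and need to send you proof."),
    Message("t2", "visitor@mail.example", "Do you have rooms free in May?"),
    Message("t1", "frontdesk@hotel.example", "We are sorry. Please send the details."),
    Message("t2", "frontdesk@hotel.example", "Yes, we do. See https://hotel.example/book"),
    Message("t1", "guest@mail.example",
            "Photos: https://drive.google.com/file/d/EXAMPLE/view Password: 123456"),
    Message("t2", "visitor@mail.example", "Thank you, booked."),
]

if __name__ == "__main__":
    print(flag_threads(SAMPLE, "hotel.example"))
```

A flagged thread is a candidate for review before staff open the linked archive, not proof of malice: genuine guests also share files this way.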

The campaign’s malware payloads are designed to evade traditional detection methods. They are often large files, exceeding 600MB, to slip past endpoint protection scanners, and frequently bear false or valid digital signatures to bypass security checks.

Primarily, this campaign deploys password-stealing malware like Redline Stealer or Vidar Stealer. The malware connects to command-and-control servers upon execution, extracting sensitive information from the infected systems.

The “Inhospitality” malspam campaign underscores the need for heightened vigilance in the hospitality industry. It’s a stark reminder that cybersecurity is a critical aspect of customer service and business operations, demanding proactive measures and employee training to recognize and respond to such sophisticated cyber threats.