A fresh wave of digital threats emerged just after Christmas 2025, aimed squarely at European lodging spots. Instead of random attacks, it used clever email tricks made to look like they came from Booking.com. Staff members got messages that seemed urgent, nudging them to click without thinking twice. Once opened, hidden code slipped inside their systems quietly. That backdoor let attackers take control through software called DCRat. Behind the scenes, the whole scheme ran under the name PHALTBLYX.
Research from Securonix shows the attack kicks off using fake emails made to look like Booking.com alerts. A supposed booking cancellation triggers the alert. Displayed boldly is a charge in euros – frequently more than €1,000. That sum aims straight at emotions, sparking alarm. Fear takes over, nudging people toward clicking before checking details.
Clicking the “See Details” button sends people nowhere near Booking.com. A hidden detour happens first – through another web address entirely. Then comes a counterfeit site built to trick. There, a phony CAPTCHA pops up out of nowhere. After that, a fake Blue Screen appears like it is urgent. Words flash: fix this now by clicking here. Those clicks run harmful PowerShell scripts without warning. The whole chain relies on looking real until it is too late.
Something begins before the main event – stages unfold slowly, one after another. A hidden rhythm runs through it all, tied to familiar pa
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: