- Phishing emails look ordinary but hide malware that compromises hotel systems
- VenomRAT gives criminals remote access to sensitive data in hotels
- RevengeHotels has been active since 2015, adapting its methods to remain effective
Kaspersky has issued a warning about a new wave of cyber attacks aimed at hotel computer systems, with particular concern raised about the use of AI-powered attacks.
The group behind these incidents, known as “RevengeHotels”, has been active since 2015, according to the company, but its activities have slowed down in recent years.
However, its recent adoption of AI-generated code has made its operations more dangerous and harder to counter.
A change in attack methods
Between June and August 2025, Kaspersky's Global Research and Analysis Team tracked several intrusions linked to the group.
While RevengeHotels previously relied on relatively unsophisticated malware, its latest wave of campaigns shows a clear evolution.
By incorporating code that was probably generated with AI tools, the attackers can quickly produce malware variants that evade traditional security measures.
This leaves older defenses outdated, even though the phishing tactics used to deliver the malware remain largely unchanged.
The group's method is simple in principle. Emails posing as hotel reservation requests or job applications are sent to hotel staff.
Once an employee clicks, malware known as VenomRAT is installed, giving the attackers remote access to hotel systems.
This access can be used to capture payment card information or other sensitive guest data.
Kaspersky researchers note that even though the emails appear legitimate, the real danger lies in the harder-to-detect malicious payload they carry.
Historically, most of these attacks have been concentrated in Brazil, where hotels have borne the brunt of the activity.
However, Kaspersky has confirmed related incidents in Italy, and there are concerns that popular tourist and business destinations across Africa, notably South Africa, Kenya and Nigeria, could become prime targets.
Given the global dependence on digital hotel systems, researchers warn that no region should assume it is immune to these threats.
“Cybercriminals are increasingly using AI to create new tools and make their attacks more effective.
“For hotel customers, this results in higher risks of theft of card and personal data, even when you trust well-known hotels.”
How to stay safe
- Train hotel staff to recognize suspicious emails and to avoid interacting with them unnecessarily.
- Configure spam filters more aggressively to reduce the number of phishing messages reaching inboxes.
- Deploy endpoint detection systems that can identify infections early, before attackers take control.
- Travelers should closely monitor their card activity for signs of fraudulent transactions.
- Use virtual payment methods wherever possible to limit exposure of real card details.