- Experts warn against false booking sites.com circulating on the web
- The sites are delivered with a false prompt “Accept Cookie” which downloads a rat
- Buyers should be on their care when searching for offers
Pirates have been found targeting vacationers around the world with remote Trojan horses (RAT) distributed via false reservation websites.com, experts warned.
HP Wolf Security researchers have found that cybercriminals have created websites which, at first glance, resemble Booking.com – they wear the same brand, the same color palette and the same formatting. However, the content of the website is blurred, and on it, a deceptive cookie banner is displayed.
If the victims press “Accept cookies”, they will trigger a download of a malicious JavaScript file. This, in turn, installs Xworm, a powerful rat that grants total control of attackers on the compromised device, including access to files, webcams and microphone. They can also use access to deactivate safety tools, deploy additional malware and exfiltrate passwords and other data.
Peak booking period
HP Wolf Security says he first spotted the campaign in the first quarter of 2025, which is a “summer vacation booking period”, and a moment when “click fatigue” settles, because potential thieves are reckless and do not pay attention to the sites they visit, ending with a disaster.
“Since the introduction of confidentiality regulations such as the GDPR, cookie prompts have become so standardized that most users have become used to” Click-St, later thought “,” said Patrick Schläpfer, principal researcher in the HP security laboratory.
“By imitating the appearance of a reservation site at a time when the holidays rush to make travel plans, the attackers do not need advanced techniques – just a well -timed prompt and the user’s instinct to click.”
There are a few things that users can do to stay safe, and the first is – to slow down during navigation.
Users must also ensure that they do not click on the links in emails or messages on social networks, especially for well-established sites such as booking. Instead, manually type the address of the browser navigation bar.
