Blockchain Phishing Scam Targets Japanese Hotels via Booking.com Emails

Cybercriminals are finding new ways to break into hotel systems. They are now using to send tricky emails that look like they come from Booking.com. This attack hits staff at hotels in Japan the hardest.

What Happened in This Attack

The hackers sent emails with subjects like Important Guest Stay Review Request. These messages pretended to be from guests who wanted to leave reviews or complain. When hotel workers clicked links or opened files, bad software got installed on their computers.

The main tool used was a malware called . It does not steal files right away. Instead it opens a secret door so the attackers can later take control and grab passwords or other data.

How the Malware Uses Blockchain

What makes this attack different is the use of . The malware checks this blockchain to find the latest command server address. This trick lets hackers change their control servers often without updating the malware itself. It becomes much harder for security teams to stop the attack.

The emails were sent through a normal scheduling service. This helped them slip past normal email checks like SPF and DMARC. The files inside were hidden as photos but were really shortcut files that ran PowerShell code to install the malware.

Why Japan Was the Main Target

Most of the fake emails went to Japanese hotels that work with Booking.com. Some messages also reached hotels in other countries like Australia, Germany, and the United States. But Japan saw the biggest number of attacks. The hackers seemed to focus there because many small hotels still use older computer systems that are easier to trick.

Extra Tricks to Avoid Detection

The malware was packed as a Node.js program and hidden with special code that makes it hard to study. Security researchers cannot easily look inside it. Once running, it keeps a live connection to the attackers so they can send more harmful tools later.

How to Protect Your Hotel

Hotel staff should be careful with any email that asks them to open files or click links about guest reviews. Always check the sender address twice. Use strong email filters and keep all software updated. Train workers to spot fake messages that try to start a conversation with the attacker.

Companies can also watch for unusual network traffic and block unknown blockchain addresses that the malware might use. Regular backups and two-factor login help limit damage if an attack succeeds.

The Bigger Picture

This case shows how that were made for good reasons can be twisted for crime. As more people use crypto networks, we will likely see more malware that hides inside them. Hotels and other small businesses need to stay alert and update their safety steps often.

Staying safe means learning about these new tricks before they reach your inbox. Simple habits like double-checking emails can stop most of these threats before they start.