A long-running cybercrime group, RevengeHotels, has significantly upgraded its methods by leveraging Artificial Intelligence (AI) to launch sophisticated attacks on hotels worldwide, putting guests’ payment information at higher risk.
Kaspersky’s Global Research and Analysis Team (GReAT) discovered a new wave of these attacks between June and August 2025. While hotels in Brazil have been the primary targets, the threat is global, with cases reported in other countries and growing potential to affect popular destinations across Africa, including South Africa, Kenya, and Nigeria.
The RevengeHotels group has been active since 2015, but their new campaign marks a dangerous evolution. Analysis of the recent malicious programs shows they contain code likely generated by AI models, which makes them:
- More Sophisticated: The malware is cleaner, more structured, and often includes detailed comments, helping the attackers manage and scale their tools more effectively.
- Harder to Detect: The AI-assisted code allows the threat actors to bypass traditional security measures more easily, enhancing the malware’s evasion capabilities.
As Lisandro Ubiedo, an expert at Kaspersky’s GReAT, notes: “Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user. For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels.”
The operation targets the hospitality sector’s weakest link: front-desk staff.
Attackers send convincing phishing emails directly to hotel employees. These emails are typically disguised as seemingly legitimate reservation requests or even job applications, complete with documents the staff would be expected to open. Once a hotel employee interacts with the email, by clicking a malicious link or opening an attachment, the system is infected with a Remote Access Trojan (RAT) called VenomRAT. VenomRAT gives the attackers remote access to the hotel’s systems, allowing them to steal sensitive guest information, including payment card data and other personal details stored in the reservation software.
The goal remains the same: to compromise hotel systems and harvest sensitive data from travelers worldwide.
For both individuals and hotels, heightened vigilance is necessary to defend against these AI-enhanced threats:
For Hotel Guests:
- Keep a close eye on your credit card statements for any unauthorized charges following a hotel stay, especially one in a high-risk region.
- When booking, consider using a virtual credit card number or a payment service that doesn’t expose your primary card details directly to the hotel’s system.
- Be mindful of the personal data you provide, particularly when communicating via email or unsecured channels.
For Hotels and Businesses:
- Conduct mandatory and regular training to help staff recognize sophisticated phishing emails, especially those disguised as reservation queries or CVs. Stress the importance of verifying unexpected requests.
- Never open attachments or click links from unexpected emails, even if they look friendly. Fine-tune your antispam settings to filter out suspicious communications.
- Ensure your company uses modern security solutions that provide real-time protection and the advanced detection and response capabilities (EDR/XDR) needed to spot AI-generated malware.
- Treat all unexpected files, even those from official-looking emails, as potential threats like ransomware or spyware.
Source: Kaspersky