Hey, listen up if you’re into renting out places on Booking.com or just booking trips—you might want to watch out for this sneaky trick bad guys are pulling. Crooks are messing with the site’s look using bits from the Japanese writing system to fake it all out and spread nasty software.
This security guy who goes by JAMESWT spotted it not long ago. He’s talking about these phony emails hitting folks who have properties listed on that big hotel-booking platform. The message claims somebody griped about your spot, and hey, better check it quick or risk getting booted off.
They toss in a link that seems totally normal at first peek. But zoom in on the web address, and nope— instead of the usual slash mark like ‘/’, they’ve swapped it for this hiragana letter ‘ん’ that sounds like ‘n’ in Japanese. Hiragana’s one of the scripts they use over there, mixed with stuff like katakana and those fancy kanji symbols.
If you miss that and click through? Boom, you’re hit with a bad installer file—an MSI thing—coming from some content network. JAMESWT mentioned you can find examples of this junk on MalwareBazaar, that site for sharing cyber threats, and there’s even a breakdown on any.run showing how the whole infection plays out step by step.
Word is, these attackers are faking Booking.com to sneak in tools that steal your info or let them remote-control your device, like those RAT programs. Yikes.
Swapping just one little symbol in a link to fool people into visiting bogus sites? That’s an old hat in the hacking world—folks call it typosquatting. It counts on you rushing through without double-checking the address.
Booking.com gets hit a lot because it’s huge for travel bookings, right up there with giants like Amazon, Microsoft, or DHL in these scams.
Staying safe isn’t rocket science, though. Just take a breath, scrutinize those surprise emails extra hard. Peek at links, files, the whole site— and yeah, hesitate before handing over personal stuff. That’s your best bet nowadays.
Spotted this on BleepingComputer.
