ClickFix Phishing Campaign Targets Hotels, Delivers PureRAT
🔒 Sekoia warns of a large-scale phishing campaign targeting hotel staff that uses ClickFix-style pages to harvest credentials and deliver PureRAT. Attackers impersonate Booking.com in spear-phishing emails, redirect victims through a scripted chain to a fake reCAPTCHA page, and coerce them into running a PowerShell command that downloads a ZIP containing a DLL-side‑loaded backdoor. The modular RAT supports remote access, keylogging, webcam capture and data exfiltration and persists via a Run registry key.
