Attackers Use TON Blockchain to Target Hotels
π‘οΈ Trend Micro's TrendAI discovered a phishing campaign targeting Booking.com partner accommodations in Japan that uses guest complaint impersonations to trick staff into opening malicious attachments. The delivered malware, TONResolver, is hosted via a smart contract on the TON blockchain and acts as a remote access trojan, establishing persistent backdoor connectivity for follow-up intrusion. Attackers abused scheduling-tool notifications to bypass SPF/DKIM/DMARC protections and used Node.js obfuscation and LNK-based delivery to frustrate detection.
