Global malspam targets hotels, spreading Redline and Vidar stealers

A sophisticated malspam campaign targeting the hotel sector worldwide uses social engineering to trick hotel representatives into opening malware-infected, password-protected archives, according to cybersecurity researchers at Sophos X-Ops. The attackers open with complaints about service problems or requests for information, creating the impression of a legitimate situation before sending links to malicious payloads. Most samples have a code-validation certificate. Once running, the malware connects to a URL on the Telegram encrypted messaging service and uses HTTP POST requests to submit telemetry about the infected machine to the bot controller.