The RevengeHotels group is exploiting artificial intelligence to refine its phishing attacks and infiltrate hotel systems, putting travelers’ banking and personal data at risk.
[ZATAZ News English version] – The RevengeHotels collective is launching new attacks against hotels in Brazil, Latin America, and Europe. According to Kaspersky, hackers now rely on artificial intelligence to produce more structured malicious code, deployed through booby-trapped emails. Their VenomRAT malware, sold for up to $650 (≈ €610), enables file exfiltration and full control of infected computers. The campaigns aim to harvest payment data and sensitive customer information. Specialized outlets such as ZATAZ and DataSecurityBreach have long warned that hotels also store IDs, making these establishments prime targets for cybercriminals.
AI-Enhanced Phishing Campaigns
Active since 2015, RevengeHotels became known for infiltrating hotel systems to siphon travelers’ banking data. Their methods rely on fraudulent emails posing as invoices or job applications. When an employee opens the attachment, the VenomRAT spyware installs itself, giving hackers control over the machine.
VenomRAT, derived from the open-source QuasarRAT project, has been improved and sold on underground forums for up to $650 (≈ €610). It is designed to collect credentials, files, and sensitive data while providing remote administration capabilities.
Kaspersky researchers observed that the code used in this campaign shows signs of automation through language models. Artificial intelligence appears to have been leveraged to generate cleaner, better-documented code, making it harder to detect. Analysts see this as a sign of criminals increasingly using AI as a force multiplier.
Hotels Targeted in Latin America and Europe
Brazil remains the main victim, but the current campaign shows a wider reach. Emails in Spanish now target hotels in Mexico, Argentina, Chile, Costa Rica, and Spain.
The playbook remains the same: breach hotel management systems and extract stored information. These databases extend beyond credit card numbers. As ZATAZ and DataSecurityBreach emphasize, hotels also collect IDs, passports, and administrative records required at check-in. This wealth of sensitive data makes them especially attractive to criminal groups feeding the black market.
To avoid detection, RevengeHotels rotates domain names and frequently modifies malware payloads. This rapid turnover hinders traditional defenses. The ultimate goal remains unchanged: exploit hotel infrastructures to harvest large volumes of financial and personal data.
AI as a New Cybercrime Tool
RevengeHotels is not an isolated case. Several groups now exploit artificial intelligence to sharpen their attacks. Kaspersky highlights this as part of a broader trend, echoed by other recent incidents.
South Korean company Genians reported that North Korean hackers used ChatGPT to create fake military ID cards in a phishing operation targeting defense-related organizations.
OpenAI also confirmed in June that state actors were exploiting its models to refine malware, generate fake professional profiles, and spread online disinformation.
These cases show that AI is becoming a strategic tool for diverse threat actors, from profit-driven criminal groups to states running offensive intelligence operations.
The RevengeHotels attacks confirm that artificial intelligence is becoming a lever for industrializing cybercrime. By targeting the hotel industry, hackers aim at a sector storing uniquely rich personal and financial data, from credit cards to identity documents. The open question: how to strengthen the security of these infrastructures which, due to their role in international tourism, have become prized data reservoirs for cybercriminals and potentially exploitable by hostile intelligence services?
