'Booking Offer' Email Scam

'Booking Offer' Email Scam Description

Cybercriminals are disseminating lure emails carrying poisoned attachments. The lure emails are presented as an inquiry from a supposed 8-man family that is looking to book a room with the recipient's establishment. The attached file is presented as containing various specifications, such as the desired room type, number of beds, etc. The fraudsters ask their victims to go over the file and send a reply if they have a room that matches the listed details.

However, executing the attached file will activate the installation process of malware known as FormBook that was lurking inside it. The threat is mostly used as an information collector. It can establish keylogging routines on the breached devices, monitor the activities on the system, extract data and more. The attackers also can use FormBook to deliver additional threatening payloads to the victim's device. These more specialized malware threats are likely to be based on the specific goals of the cybercriminals. Victims could be further infected with invasive RATs (Remote Access Trojans), data-encrypting ransomware, crypto-miners that will take over the available hardware resources and other threat types.