Kaspersky says the cybercriminal group RevengeHotels is using AI to steal hotel guests’ payment data and personal information. Phishing emails disguised as bookings or job applications put travellers at risk even in well-known hotels.
Kaspersky has raised the alarm over a new wave of cyberattacks targeting hotels and their guests, warning that criminals are increasingly using artificial intelligence to steal payment data and personal information.
Between June and August 2025, the company’s Global Research and Analysis Team discovered that the threat group known as RevengeHotels has stepped up its methods by incorporating AI-generated code into its attacks.
The group has been active since 2015, but recent analysis shows its operations have become more sophisticated and harder to detect.
While Brazil has been the primary target of these cyberattacks, reports have emerged from several countries across the globe.
With South Africa and Kenya ranking as popular tourist destinations, and Nigeria attracting high volumes of business travel, the threat is considered relevant to Africa as well.
The attacks typically begin with phishing emails sent directly to hotel staff, disguised as legitimate requests for reservations or job applications.
Once an unsuspecting employee interacts with these messages, malware known as VenomRAT is installed on the hotel’s systems. This grants attackers access to sensitive guest data, including payment details.
Lisandro Ubiedo, an expert at Kaspersky’s Global Research and Analysis Team, explained that criminals are using AI to sharpen these old tricks.
“Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user. For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels,” Ubiedo said.
Kaspersky has advised hotels and businesses to take additional precautions in the face of this evolving threat.
These include treating all links and attachments with caution, even if emails appear friendly or legitimate, and making use of advanced security solutions such as the Kaspersky Next product line.
This software offers real-time protection, threat visibility and the ability to investigate and respond to breaches quickly.
The company further recommends that organisations fine-tune their antispam settings and avoid opening attachments from unknown senders, even if the messages appear to come from banks, online stores or familiar services.
In cases where attackers specifically target an organisation, phishing messages may be tailored to mimic scenarios familiar to staff, making vigilance even more important.
“Cybercriminals often distribute fake messages designed to lure users into clicking on malicious links,” said Ubiedo. “If attackers are specifically targeting your organisation, the email text may be customised. With that in mind, companies need to be extra cautious and educate their teams.”
Kaspersky also highlighted that even unexpected files from official-looking emails should be treated with suspicion, as they may carry ransomware or spyware.
The warning comes at a time when international tourism and business travel are increasing, raising the stakes for hotels and their guests.
With AI now fuelling cybercrime, experts believe the hospitality industry must strengthen its defences to protect both its businesses and the millions of travellers who rely on them.