Redazione RHC : 15 August 2025 12:13
Attackers have started using an unusual trick to disguise phishing links, making them appear as Booking.com addresses. The new malware campaign uses the Japanese hiragana character “ん” (U+3093). In some fonts and interfaces, it visually resembles a slash, making the URL appear to be a normal path on the site, although it actually leads to a fake domain.
Researcher JAMESWT discovered that the link in phishing emails looks like this:
https://admin.booking.com/hotel/hoteladmin/…
But it actually directs the user to an address of this type:
https://account.booking.comんdetailんrestrict-access.www-account-booking.com/en/.
Everything before “www-account-booking[.]com” is just a subdomain that mimics the structure of the real site. The real registered domain belongs to the attackers. By clicking on it, the victim ends up on the page
www-account-booking[.]com/c.php?a=0
which downloads a malicious MSI file from the CDN node updatessoftware.b-cdn[.]net.
According to analysis by MalwareBazaar and ANY.RUN, the installer distributes additional components, likely infostealers or remote access tools.
The technique relies on the use of homoglyphs, which are symbols that look like other symbols but belong to different alphabets or Unicode sets. Such symbols are often used in homograph and phishing attacks. An example is the Cyrillic “O” (U+041E), which is almost indistinguishable from the Latin “O” (U+004F). Despite browser and service developers adding protections against such substitutions, attacks continue to occur.
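A defender-side check for this pattern, as an added example that is not part of the original article: it parses the host from a URL, lists any non-ASCII characters hiding in it, and compares the registered domain with the brand the host claims to be. The function names and the `brand` parameter are hypothetical, and taking the last two labels as the registered domain is a simplifying assumption (production code should use the Public Suffix List).

```python
import unicodedata
from urllib.parse import urlsplit

# Sample inputs: LURE is the address quoted in the article; DISPLAYED is the
# link text shown to the victim, with its elided tail dropped.
LURE = "https://account.booking.comんdetailんrestrict-access.www-account-booking.com/en/"
DISPLAYED = "https://admin.booking.com/hotel/hoteladmin/"


def registered_domain(host):
    # Assumption: the registrable domain is the last two labels.
    # Real deployments should resolve this with the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def analyze(url, brand="booking.com"):
    """Return what the URL really points to and why it may mislead."""
    host = urlsplit(url).hostname or ""
    # Every distinct non-ASCII code point in the host, with its Unicode name.
    non_ascii = sorted(
        {(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
         for c in host if ord(c) > 127}
    )
    reg = registered_domain(host)
    return {
        "host": host,
        # Punycode form: the look-alike label becomes an obvious "xn--" label.
        "ascii_host": host.encode("idna").decode("ascii"),
        "registered_domain": reg,
        "non_ascii": non_ascii,
        # Brand name appears in the host, but the brand does not own the domain.
        "brand_spoof": brand in host and reg != brand,
    }


if __name__ == "__main__":
    for url in (LURE, DISPLAYED):
        result = analyze(url)
        print(url)
        for key, value in result.items():
            print(f"  {key}: {value}")
```

Run over mail or proxy logs, the two signals worth alerting on are a non-empty `non_ascii` list in a host and `brand_spoof` being true.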
This isn’t the first time Booking.com has become a phishing bait. In March, Microsoft Threat Intelligence reported emails masquerading as a booking service that used the ClickFix technique to infect hotel employees’ computers. And in April, Malwarebytes researchers reported a similar scheme.
However, the use of homoglyphs like “ん” can fool even the most careful users, so it’s important to supplement caution with up-to-date antivirus software that can block the download of malicious content.