As per reports, Microsoft has uncovered an ongoing phishing campaign that targets the hospitality sector. The campaign involves impersonating an online travel agency (Booking.com) and using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware.

The deployed malware payloads include XWorm, Lumma Stealer, VenomRat, AsyncRAT, Danabot, and NetSupport RAT, all of which are capable of credential theft, remote access, and financial fraud.