A Familiar Threat Evolves
Category: Cybercrime / Hospitality Infrastructure Attack
Features: AI-generated malware code, phishing campaigns, remote access trojans, payment card theft, multinational targeting
Delivery Method: Phishing emails (fake invoices & job applications), malicious attachments, VenomRAT infection chain
Threat Actor: RevengeHotels (active since 2015)
Hotels, once seen as a haven for travelers, are now being turned into gateways for cybercriminal enterprises. The hacker collective known as RevengeHotels, active since 2015, has resurfaced with an alarming upgrade: the integration of artificial intelligence into its campaigns.
Traditionally, the group’s operations focused on stealing payment card data from hotel guests by compromising front-desk systems, booking software, and internal networks. Now, armed with large language model (LLM)-assisted code, RevengeHotels is sharpening its attacks, making them cleaner, stealthier, and harder to detect.
Researchers at Kaspersky confirm that the group is deploying VenomRAT, a remote access trojan capable of:
- Stealing credentials and session tokens
- Exfiltrating sensitive guest data
- Controlling infected endpoints remotely
- Deploying follow-on malware payloads
VenomRAT, priced at up to $650 in underground markets, evolved from the QuasarRAT family and is now augmented with AI-generated code complete with structured logic, error handling, and detailed comments.
“This suggests that RevengeHotels isn’t just maintaining operations,” Kaspersky reported. “They are modernizing with AI to evolve their capabilities — a trend spreading across cybercriminal groups.”
The Phishing Playbook
The group’s entry point remains deceptively simple:
- Emails disguised as invoices from tour operators.
- Fake job applications laced with malicious attachments.
- Spanish- and Portuguese-language lures tailored to hotel staff.
Once opened, these attachments launch the VenomRAT payload. From there, the attackers gain complete control of the compromised endpoint, harvest financial details, and pivot into wider hotel networks.
The sophistication lies not in the delivery method but in the persistence techniques — rotating domains, shifting malware signatures, and polymorphic payloads designed to stay one step ahead of defenses.
From Brazil to the World
While Brazil remains the core operational zone, recent campaigns show the group expanding aggressively:
- Mexico, Argentina, Chile, Costa Rica, and Spain now face ongoing campaigns.
- Previous operations already reached Russia, Belarus, and Turkey.
Hotels are only the starting point. By infiltrating the hospitality ecosystem, attackers gain access to:
- Guest payment cards used globally.
- Corporate travel accounts tied to multinational firms.
- Personal data of high-value travelers — a commodity in black markets and espionage pipelines alike.
The tourism industry is particularly exposed because of thin security budgets, high turnover among staff, and dependence on legacy property-management systems that were never hardened for modern cyber threats.
AI in the Hands of Criminals
The integration of AI in this campaign is part of a broader criminal adoption curve. Other recent cases illustrate the trend:
- North Korean hackers used ChatGPT to generate deepfake military ID cards for phishing against South Korean defense targets (Genians).
- State-backed actors in China, Russia, and Iran have experimented with AI for malware refinement, disinformation campaigns, and fraud schemes (OpenAI, June 2025).
What distinguishes RevengeHotels is their application of AI to operational malware code rather than just phishing lures. This means AI is no longer simply writing scam emails — it’s engineering working malware that passes detection checks.
Infrastructure at Risk
The risks here are not limited to stolen credit cards. A hotel’s digital footprint contains:
- Government-issued IDs scanned at check-in.
- Corporate booking data linking employees to employers.
- Location data of political figures, executives, and journalists.
This makes hotels attractive not just to criminals but to espionage actors seeking to map the movements of high-value individuals. RevengeHotels’ activity may overlap with, or provide infrastructure for, larger state-backed intelligence goals.
Forecast — Next 30 Days
- Continued Campaigns: Expect further expansion into European and North American hotel networks.
- Malware Evolution: AI-assisted polymorphic strains of VenomRAT likely to surface in threat feeds.
- Sector Alerts: Hospitality security advisories from CERTs and vendors expected, with urgent patching recommendations.
- Traveler Impact: More cases of stolen card data linked to hotel stays will emerge in banking fraud reports.
- Policy Push: Calls for tourism sector cybersecurity standards may intensify as global travel risks escalate.
TRJ Verdict
The RevengeHotels campaign is more than an attack on hotel guests. It is the weaponization of AI against the global tourism industry, where digital compromise intersects with physical travel. Every check-in terminal, every scanned passport, every guest record is now a potential intelligence harvest.
This is not just about stolen payment cards. It’s about the erosion of trust in the very places people go to rest, convene, and feel secure. If a hotel lobby can be turned into a battlefield for AI-assisted malware, then the hospitality sector has become one of the new frontlines of global cyberwarfare.
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
Interesting! I wasn’t aware of this threat. Thank you for sharing.
You’re very welcome, Edward — I’m glad this helped shed some light on it. The use of AI in cybercrime is evolving fast, and campaigns like this are a clear example of how attackers are turning new tools into new threats. Always appreciate you taking the time to read and engage. I hope you have a great night. 😎
You’re very welcome, and same to you.
VenomRAT sounds like an appropriate name for this. We knew there would be downsides to the proliferation of AI and this is just one example. I can definitely see how this would cause an erosion of trust for travelers. When the bad guys are smart enough to use AI against and industry like this, who knows how it will survive?
What can the tourism industry do to to fight this, John?
Thank you for this report, by the way!
You’re very welcome, Chris — and you’re right, VenomRAT is an all-too-fitting name. This is exactly the kind of downside many warned about with AI proliferation: criminals leveraging the same tools for cleaner code, stealthier attacks, and more devastating reach. And yes, when travelers lose trust in the systems that handle their payment data and IDs, the damage isn’t just financial — it’s reputational, and that can cripple an industry built on confidence.
As for what the tourism sector can do — the fight starts with raising the bar on digital hygiene:
Hotels and travel companies need to invest in segmented networks so front-desk systems aren’t a single point of failure.
They must adopt zero-trust principles — assume every connection is hostile until verified.
Staff training is critical, because most of these campaigns still start with a phishing email.
Shared threat intelligence between hotels, vendors, and national CERTs could help flag attacks before they spread.
And critically, governments may need to step in with baseline cybersecurity standards for hospitality, the way they have for banking or energy, since travel is now part of critical economic infrastructure.
The industry won’t survive by treating this as “just another IT issue.” It has to treat cyber defense the same way it treats guest safety — as non-negotiable.
Thank you very much, Chris — always greatly appreciated. I hope you have a great night, and God bless you and yours. 😎
You’re welcome, John, and thank you for your feedback on these circumstances. I’m sure that if your suggestions were implemented that it would be far more difficult for the bad guys to be so intrusive.
Thank you for your kindness and I hope you have a wonderful day!