securityonline.info 7/2/2026, 5:51:11 AM · external

TONResolver malware infects Japan hotels via fake guest emails

Primary Source trendmicro.com

Trend Micro identified a new malware named TONResolver targeting Booking.com partner hotels, primarily in Japan, using phishing emails that pose as guest complaints to deliver the malware. The attackers use a ZIP file containing a shortcut that executes a PowerShell script to install a Node.js-based Remote Access Trojan (RAT). Notably, the malware hides its command-and-control (C2) server within the TON blockchain, which keeps communication flexible even if one server is blocked.

Researchers have not attributed the attacks to a specific threat actor. They emphasize the need for increased training and awareness among hotel staff to mitigate such risks.

Article by CyberSIXT
