© 2026 CoolTechZone - Latest tech news,
product reviews, and analyses.

Russian hackers have set their eyes on the European hospitality sector


Russia-linked threat actors have launched a stealthy malware campaign targeting European organizations in the hospitality sector using so-called ClickFix social engineering attacks.

Threat researchers from cybersecurity firm Securonix have dubbed the campaign PHALT#BLYX.

It usually starts with Booking.com lure to deliver phishing emails that contain a URL to a fake Booking.com-themed website.

The website shows a fake captcha, triggering a fake blue screen of death (BSOD), which is designed to trick victims into ‘fixing’ the issue by pasting a malicious PowerShell command into Windows Run dialog.

The pasted script executes a PowerShell command that downloads an MSBuild project file, or v.proj file. Next, it compiles and executes the embedded payload within the project file.

Then, it uses a heavily obfuscated version of DCRat, which is malware that enables full remote access, establishes a connection to the Command and Control (C2) server, and injects a secondary payload in ‘aspnet_compiler.exe.’

The malware stays hidden by disabling Windows Defender and establishes persistent access by installing a .url file in the Startup folder.

The malware can hide itself in legitimate processes, record keystrokes, and give attackers persistent access to systems. Attackers can also use DCRat to install additional malware on victims' systems.

The campaign mainly targets European organizations in the hospitality sector. The malicious project file contains Russian-language code, which, according to the researchers, indicates links to Russian threat actors who use DCRat.

“While the campaign targets the hospitality sector with specific financial lures, the underlying tradecraft suggests a threat actor capable of adapting to various industries,” Securonix researchers warn.

The cybersecurity firm recommends that organizations look beyond file-based detection and focus on identifying behavioral anomalies and process lineage to detect and prevent these multi-staged attacks.