A targeted malspam operation known as “Inhospitality” has been uncovered by cybersecurity researchers. This operation utilizes social engineering tactics and malware to exploit potential victims in the hospitality industry.


The “Inhospitality” campaign begins with deceptive emails that appear to be complaints or requests for information regarding hotel services. These initial emails aim to establish trust with the targets and do not contain any malicious content. However, once a hotel representative responds [2], the attackers send a follow-up email that includes links to malicious payloads [2].

To gain access to victims’ systems [1], the attackers employ various tactics, such as lodging complaints about violent incidents or theft during a guest’s hotel stay [1] [3] [4]. The malware is concealed within password-protected archive files shared through public cloud storage services like Google Drive [1]. The malware, specifically the Redline Stealer or Vidar Stealer variants [1] [3] [4], connects to a Telegram channel for command-and-control purposes and exfiltrates data like desktop screenshots and browser information [1] [3] [4].

Sophos X-Ops [1] [3] [4], a cybersecurity firm, has retrieved more than 50 unique samples from cloud storage associated with this campaign [1] [3] [4]. They have also published indicators of compromise on their GitHub repository [1] [3] [4]. This discovery underscores the urgent need for heightened cybersecurity vigilance within the hospitality industry. It highlights the importance of proactive measures and employee training to recognize and respond to sophisticated cyber threats [2].


The “Inhospitality” operation has significant implications for the hospitality industry. It emphasizes the need for increased cybersecurity measures to protect against similar attacks. Organizations within the industry should prioritize employee training to enhance their ability to identify and respond to these types of threats. By taking proactive measures, the industry can better safeguard sensitive data and maintain the trust of their customers.


[1] https://ciso2ciso.com/hospitality-industry-faces-new-password-stealing-malware-source-www-infosecurity-magazine-com/
[2] https://securityonline.info/sophos-x-ops-alerts-inhospitality-malspam-targets-hotels-with-deceptive-tactics/
[3] https://flyytech.com/2023/12/21/hospitality-industry-faces-new-password-stealing-malware/
[4] https://www.infosecurity-magazine.com/news/hospitality-industry-password/