Phishing Campaign Targets Hospitality Sector in Europe and Asia

A phishing campaign has been launched against hotels in Europe and Asia, utilizing malicious zip files disguised as guest photos to install malware. Attackers impersonate guests with complaints, tricking hotel employees into opening these files. The zip files contain Windows shortcuts masquerading as images, which execute commands to download malware when opened. Microsoft and Trend Micro have both reported on the activity, which began in April and May 2026. The malware allows attackers to gain persistent access to systems, steal sensitive information, and potentially install additional malware. The campaign has affected multiple hotels across Belgium, Ireland, the Netherlands, and Japan, with investigations underway into the breaches. The attackers exploit trusted services to bypass email authentication checks, making the phishing attempts more convincing.

Key Points: • Phishing emails target hotel staff with malicious zip files disguised as photos. • Attackers gain persistent access to systems by executing malware via Windows shortcuts. • Microsoft and Trend Micro have reported similar phishing campaigns in Europe and Asia.