A hacker group known as RevengeHotels is using artificial intelligence to strengthen its attacks on hotels in Brazil and other Spanish-speaking markets, according to new report by Russian cybersecurity firm Kaspersky.
RevengeHotels, also tracked as TA558, has been active since 2015 and is well-known for stealing payment card details from hotel guests and front-desk systems.
The group’s latest campaigns show that its tactics are evolving. Researchers found that it continues to rely on phishing emails, often disguised as invoices, booking confirmations, or even job applications, to trick hotel employees into opening attachments or clicking malicious links.
When opened, the attachments install malware onto the computer. The main tool in these recent attacks is VenomRAT, a remote access trojan that allows hackers to steal files, capture credentials, and take full control of infected machines.
VenomRAT is sold on underground forums for up to $650, making it a popular choice for financially motivated cybercriminals.
According to Kaspersky, much of the malicious code powering these new campaigns appears to have been created with the help of large language models (LLMs).
By using AI tools, the attackers can generate cleaner, more structured code with detailed comments, making it easier to maintain and update. “This suggests that the threat actor is now leveraging AI to evolve its capabilities, a trend also reported among other cybercriminal groups,” Kaspersky said in its report.
While Brazil remains the primary target, evidence shows that the group has expanded operations. Spanish-language phishing emails linked to RevengeHotels have been observed in Mexico, Argentina, Chile, Costa Rica, and Spain.
Earlier campaigns have also reached beyond Latin America, hitting hotels in Russia, Belarus, and Turkey.
The attackers are rotating hosting services and domain names regularly to avoid detection. Despite the technical upgrades, the group’s core objective has not changed: compromising hotel systems to steal sensitive data from guests worldwide.
Kaspersky warns that RevengeHotels is part of a wider trend of cybercriminal groups adopting AI to make their attacks more effective. The hospitality sector, which manages large volumes of financial data, remains a prime target.
About Author
