PHALT#BLYX Campaign Targets European Hospitality Sector with Fake Booking.com Emails and DCRat Malware

7 Jan 2026

Cyber CrimeMalwareSecurityClickFixDCRATHackinghospitalityinformation security newsmalwarePHALT#BLYXSecurity Affairs

The PHALT#BLYX campaign, active in late December 2025, targets the European hospitality sector through a sophisticated social engineering scheme. Threat actors impersonate Booking.com via fraudulent emails, redirecting employees to counterfeit Blue Screen of Death (BSoD) pages. These pages employ ClickFix lures, prompting users to apply supposed "fixes" that actually deploy DCRat, a remote access Trojan (RAT). This multi-step attack exploits human psychology and urgency to bypass technical defenses. While specific victims and detailed impacts remain undisclosed, the campaign underscores the persistent threat of social engineering in cybersecurity. The use of familiar and urgent scenarios, such as BSoD errors, effectively manipulates users into executing malicious payloads. Organizations in the hospitality sector should prioritize employee training to recognize and respond to such tactics. Implementing robust endpoint protection and multi-factor authentication can further mitigate risks associated with this and similar campaigns.