<ul data-eligibleForWebStory="true"><li>Hackers are targeting holidaymakers with remote access trojans through fake Booking.com websites.</li><li>The fake sites mimic Booking.com but have blurred content and a deceptive cookie banner.</li><li>Clicking 'Accept cookies' triggers a download of a malicious JavaScript file installing a RAT called XWorm.</li><li>XWorm allows attackers to control compromised devices, access files, webcams, microphones, disable security tools, deploy malware, and steal data.</li><li>The campaign was first spotted in peak summer booking period Q1 2025, exploiting users' 'click fatigue' during rush times.</li><li>Users are advised to slow down when browsing, avoid clicking on links in emails or social media, and type website addresses manually.</li></ul>

Holidaymakers under threat from devious new cyber threat - here's how to stay safe

Discover more