Between June and August 2025, cybersecurity firm GReAT in South Africa identified a new wave of cyberattacks by a threat group known as Revenge Hotels, which targets hotels to gain access to guests’ payment information.

The group has been operating since 2015 and has since upgraded its methods. The threat actor is now utilizing Artificial Intelligence (AI) to enhance the effectiveness of their attacks and expand their reach to additional regions. Analysis shows that many of the new malicious programs used in these attacks contain code likely generated with AI, making them more sophisticated and more complex to detect.

While hotels in Brazil have been the main target to date, such cyberattacks have also been reported in other countries around the globe.

The threat actor sends phishing emails directly to hotel staff, often disguised as requests for reservations or job applications. Once a hotel employee interacts with these emails, malware known as VenomRAT is installed on the hotel’s systems, granting attackers access to guests’ payment data and other sensitive information. The emails often appear convincing, coming from websites that appear legitimate.

Cybercriminals are increasingly using AI to create new tools and enhance the effectiveness of their attacks. This means that even familiar schemes, such as phishing emails, are becoming increasingly complex for a typical user to spot. For hotel guests, this translates into a higher risk of card and personal data theft, even when staying at well-known hotels.