Cybercriminals Use Artificial Intelligence to Steal Hotel Payment Data

A cybercrime network

A cybercrime network known as RevengeHotels has started exploiting artificial intelligence to steal hotel guests’ payment data in a fresh wave of global attacks, cybersecurity firm Kaspersky has revealed.

Operating since 2015, the group initially concentrated its campaigns in Brazil but has broadened its reach in recent months. From June to August, Kaspersky’s Global Research and Analysis Team tracked incidents across several regions, including African markets — a sign that AI is helping long-running threats evolve and evade detection.

The attackers usually rely on phishing emails sent to hotel employees, disguised as job applications or booking inquiries. When these are opened, malware called VenomRAT is deployed, enabling the theft of payment card details and other confidential data stored in hotel systems.

According to Kaspersky researcher Lisandro Ubiedo, criminals are now using AI to design more advanced tools and boost the effectiveness of their schemes. “Even common techniques, such as phishing, are becoming much harder to detect. For hotel guests, this means a greater chance of losing card and personal data, even when staying at reputable chains,” he warned.

With South Africa and Kenya drawing large numbers of tourists, and Nigeria serving as a corporate travel hub, the attractiveness of these markets raises the risk of regional hotels being targeted.

To counter the threat, Kaspersky urged hotels to adopt enterprise-level cybersecurity protections, including EDR and XDR systems for real-time monitoring. The company also recommended strengthening spam filters and ensuring staff are trained not to open suspicious attachments, no matter how legitimate they appear.

As international travel rebounds, the integration of AI into cybercrime underscores the rising dangers facing the hospitality industry. Given the heavy volume of card transactions processed daily, experts caution that hotels will likely continue to be a prime target for financially driven attackers.