What's Happening?
Cyber threat actors have launched a phishing campaign targeting employees of Booking.com partner accommodations in Japan. The attackers use phishing emails that mimic guest complaints and review requests to deceive hotel staff into executing malicious files. The malware, known as TONResolver, is hosted on a smart contract and utilizes blockchain technology, specifically The Open Network (TON) blockchain platform. This malware serves as an initial access point and command-execution foothold, potentially leading to credential theft and further system compromise. The campaign was identified by TrendAI Research, a unit of Trend Micro, in late May 2026. The phishing emails, sent to Japanese Booking.com partners, contain a hyperlink that directs recipients to a suspicious website and downloads a ZIP file. This file includes a shortcut link disguised as a photo, which installs the TrojanSpy.JS.TONRESOLVER.A malware via a PowerShell script. The campaign primarily targets Japanese hospitality organizations, although similar emails have been sent to partners in other countries.
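A triage check for the delivery step described above, added here as an example and not taken from the research the article summarizes: it lists members of a downloaded ZIP that are Windows shortcuts and notes when the name looks like a picture. The function names, file names and sample archive are constructed for illustration; the double-extension naming is an assumption, since the article only says the shortcut is disguised as a photo.

```python
import io
import zipfile

# Shell Link (.lnk) files begin with HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK file format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
IMAGE_HINTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp")


def find_shortcuts(zip_bytes):
    """Return (member_name, reasons) for each ZIP member that is a Windows shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            name = info.filename.lower()
            reasons = []
            if head == LNK_MAGIC:
                reasons.append("lnk-header")      # content is a shortcut
            if name.endswith(".lnk"):
                reasons.append("lnk-extension")   # Explorer hides this extension
            if reasons:
                stem = name[:-4] if name.endswith(".lnk") else name
                if stem.endswith(IMAGE_HINTS):
                    reasons.append("image-like-name")
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample archive; names and contents are made up for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG_0412.jpg.lnk", LNK_MAGIC + b"\x00" * 56)  # header-only stub
        zf.writestr("lobby.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG magic
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in find_shortcuts(build_sample_zip()):
        print(member, why)
```

A mail gateway or download-quarantine job can apply the same check to archives before they reach staff mailboxes or desktops.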
Why It's Important?
This phishing campaign highlights the evolving sophistication of cyber threats, particularly the use of blockchain technology to evade detection. The targeting of the hospitality sector, a critical component of Japan's economy, underscores the potential for significant disruption. The use of blockchain in cyberattacks presents new challenges for cybersecurity professionals, as traditional security measures may be insufficient to detect and mitigate such threats. The campaign's ability to bypass email security controls further emphasizes the need for advanced cybersecurity strategies. Organizations in the hospitality industry and beyond must remain vigilant and adopt comprehensive security measures to protect against these evolving threats.
What's Next?
As the campaign continues, affected organizations may need to enhance their cybersecurity protocols, including employee training to recognize phishing attempts. Cybersecurity firms and researchers will likely focus on developing new tools and strategies to detect and counteract blockchain-based malware. The incident may prompt regulatory bodies to consider new guidelines for cybersecurity in the hospitality sector. Additionally, there may be increased collaboration between international cybersecurity agencies to address the cross-border nature of such threats.