In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file (LNK) disguised as a photo file within the zip archive. Unlike conventional phishing campaigns, the malware abuses The Open Network (TON) blockchain platform as a dead drop resolver, a technique that allows attackers to update their command-and-control (C&C) server destination without hardcoding it into the malware, making detection and takedown significantly more difficult.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Japan: Over 14 million login credentials leaked from six ISPs in major data breach
June 29, 2026
A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation. According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked ...
- ONResolver RAT Abuses TON Blockchain to Target Japan’s Hotel Industry
June 29, 2026
In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file ...
- Japanese electricity giant apologises after physical drive with data of 10.9 million clients goes missing
June 12, 2026
A Japanese energy giant has apologised after losing a physical storage drive containing the data on millions of its clients. Workers for Kyushu Electric Power Co. apparently mislaid the drive, which had been left in an unlocked cabinet, the company explained in an official announcement. The drive allegedly contained information on up to 10.9 million accounts, including customer ...
- A hotel check-in system left a million passports and driver’s licenses open for anyone to see
May 15, 2026
A hotel check-in system left more than 1 million customer passports, driver’s licenses, and selfie verification photos to the open web after a security lapse. The data is now offline after TechCrunch alerted the company responsible. The hotel check-in system, called Tabiq, is maintained by the Japan-based tech startup Reqrea. According to its website, Tabiq is used in ...
- Malware-pwned laptop gifts cybercriminals Nikkei’s Slack
November 6, 2025
Japanese media behemoth Nikkei has admitted to a data breach after miscreants slipped into its internal Slack workspace, exposing the personal details of more than 17,000 employees and business partners.… The company blamed the intrusion on malware that infected an employee’s device, letting attackers pinch Slack credentials and waltz into its chat system. Once the suspicious ...
- Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia
October 17, 2025
In January 2025, FortiGuard Labs observed Winos 4.0 attacks targeting users in Taiwan. In February, it became clear the actor had changed malware families and expanded operations. What first appeared isolated was part of a broader campaign that shifted from Mainland China to Taiwan, then Japan, and most recently Malaysia. This article examines the methodologies employed ...