PULSE NAME
Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
WHITE AlienVault 2025-06-03 Modified: 2025-06-03
14 IOCs, MEDIUM VOLUME
Cybercriminals have launched a campaign redirecting users from gaming sites and social media to fake Booking.com websites. The scam uses fake CAPTCHA prompts to trick visitors into executing malicious commands on their devices. If successful, the attack downloads and installs AsyncRAT, a backdoor Trojan that allows remote monitoring and control of infected computers. The campaign, which began in mid-May, frequently changes its final redirect destination. The malicious actors exploit the fact that 40% of people book travel through online searches, creating ample opportunities for deception. To stay safe, users are advised to be cautious of website instructions, use anti-malware solutions, employ browser extensions that block malicious domains, and consider disabling JavaScript on unknown websites.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
AsyncRAT
Indicators of Compromise (14)