A set of malware campaigns have been discovered spreading commodity RATs and using a .NET-based crypter service 3losh to target travel and hospitality businesses in Latin America. These campaigns use either compromised or attacker-controlled websites to host their tools and payloads. Furthermore, security analysts stumbled across multiple campaigns using the same 3losh crypter and infection scripts to spread RATs.