A new Formbook campaign exploits a fake email from China. The “inquiry_pdf.rar” attachment contains the “ayeez.exe” file: the malware

Formbook hides inside a fake RFQ-themed email from China.

The “inquiry_pdf.rar” attachment contains the “ayeez.exe” file: the malware. Formbook, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.