skip to Main Content

Cybercrime, a new global receipt-themed FormBook campaign

Technical analysis by the Malware Hunter JAMESWT

New global FormBook campaign on a false payment receipt for a hotel reservation. The email contains a compressed attachment with an executable inside. This, if opened, activates the malware infection

FormBook is back in a new global campaign on a false payment receipt for a hotel reservation. The mail contains a compressed attachment in rar format, which hides an executable inside. This, if opened, activates the malware infection chain. The goal of cybercrime is to steal sensitive data from victims. FormBook, in fact, through the keylogger function, is able to acquire everything that the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.

The fake email with the attachment

The C2s/domains contacted

Back To Top