The bait is running out of iCloud space and a 50GB gift. Objective: steal sensitive personal data and money.
“ASAP request: From VPI Purchasing” bait for Formbook
Cybersecurity researcher and malware hunter, JAMESWT: The exe attachment of a PO-themed email is the malware itself.
“ASAP request: From VPI Purchasing” is the subject of a PO-themed email, which hides Formbook.
The “Quotation (1).exe” attachment is the malware itself. This was discovered by cybersecurity researcher and malware hunter, JAMESWT. Formbook, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal mail and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.
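Because the attachment here is the executable itself, a mail-filtering check can catch it before delivery. The following is an added example, not code from the researcher or from any product: it parses a message and flags attachments that are Windows executables by extension or by the MZ header, so a renamed file is still caught. The extension list, the sender and recipient addresses and the inert sample payloads are assumptions constructed for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list for this example; extend per local policy).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def executable_attachments(raw: bytes):
    """Return (filename, reasons) for each attachment that looks like a Windows executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if any(name.lower().endswith(ext) for ext in EXECUTABLE_EXTS):
            reasons.append("executable extension")
        # Every PE file starts with the DOS "MZ" magic, whatever the file is named.
        if payload[:2] == b"MZ":
            reasons.append("PE/MZ header")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed sample message; the payload is inert bytes, not malware."""
    m = EmailMessage()
    m["Subject"] = "ASAP request: From VPI Purchasing"
    m["From"] = "purchasing@example.invalid"  # constructed address
    m["To"] = "user@example.invalid"          # constructed address
    m.set_content("Please see the attached quotation.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x00" * 62  # inert bytes that only mimic a PE header
    for fname, data in [("Quotation (1).exe", fake_pe),
                        ("Quotation (1).pdf", fake_pe),
                        ("Quotation (1).pdf", b"%PDF-1.7\n")]:
        print(fname, executable_attachments(build_sample(fname, data)))
```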