skip to Main Content

Cybercrime, double Formbook campaign via SWIFT transaction from Ziraat Bank

Formbook double campaign via SWIFT transaction from Ziraat Bank. Two emails have the same .7z attachment that contains an exe file: the malware

Double Formbook campaign in just one day coming from Turkey. The theoretical sender is Ziraat Bank, from which two emails seem to have come about as many alleged SWIFT transactions, just carried out.


The text varies only for the time of the money transfer, while the .7z attachment is identical. Inside is an exe file: the malware. Formbook, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.

Back To Top