Symantec cybersecurity experts: The malware deployment is preceded by reconnaissance with the AdFind tool. The victims are large organizations.
Technical analysis by the Malware Hunter JAMESWT
Fake purchase orders from Serbia and the UAE spread Formbook. The email doc attachments have different names but are identical. If opened, they contact a single URL and download the DLL that starts the malware infection.
A fake purchase order carries the latest global Formbook campaign. The fraudulent email comes either from a Serbian company or from one in the United Arab Emirates.
The file name changes, but the doc attachment is identical. If opened, it contacts a single URL and downloads the DLL that starts the malware infection.
The attackers' goal is to steal sensitive data from victims. Formbook, through its keylogger function, captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it lets the operators issue commands remotely on the infected PC, such as downloading additional payloads or updating those already present.