The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Technical analysis by the Malware Hunter JAMESWT
FormBook also targets Defense and Security in its global campaign. The bait is an email from a fake Australian company with a request for a quote. The .zip attachment contains two .exe files. These, if opened, start the malware infection.
FormBook also targets Defense and Security as part of its global campaign. The bait is an email, written in English, from a fake Australian restaurant, built around a purported request for quotation. The attachment is a .zip archive containing two .exe files. These, if opened, start the malware infection chain. The goal is to steal sensitive data from victims. Through its keylogger function, FormBook can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating those already present.
The mail from the fake Australian company sent to Defense and Security
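A mail-gateway style check for the delivery pattern described above (a .zip attachment carrying .exe files), given here as an added example that is not part of the original analysis. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed policy list: extensions that should not arrive inside a mailed archive.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".jar", ".js", ".vbs"}


def build_sample_zip() -> bytes:
    """Constructed sample shaped like the lure: a zip with two .exe members."""
    stub = b"MZ" + b"\x00" * 62  # harmless bytes that only mimic a PE header
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("RFQ_quotation.exe", stub)
        zf.writestr("price_list.pdf.exe", stub)
        zf.writestr("readme.txt", b"Please see attached request.")
        zf.writestr("logo.png", stub)  # executable content behind a benign extension
    return buf.getvalue()


def scan_zip_attachment(data: bytes) -> list:
    """Return (member name, reasons) for each member that should be quarantined."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", ["not a readable zip"])]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in RISKY_EXTENSIONS:
                reasons.append("risky extension " + ext)
            if info.flag_bits & 0x1:
                # Password-protected members cannot be read; flag them instead.
                reasons.append("encrypted member, content not inspected")
            else:
                with zf.open(info) as member:
                    if member.read(2) == b"MZ":  # magic bytes, independent of the name
                        reasons.append("PE header (MZ)")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in scan_zip_attachment(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```

Checking the magic bytes as well as the extension catches a renamed executable, which an extension-only filter would pass.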