The zip attachment in the email contains an exe file, the malware itself. It steals information and exfiltrates it, this time via email.
Technical analysis by the Malware Hunter JAMESWT
New FormBook campaign in Italy themed on payments. The ISO attachment contains an executable, the malware itself. Moreover, it reuses the exe (in English) of an international campaign.
A new FormBook campaign in Italy on the subject of payments uses a compromised e-mail address, detected by cocaman.
The mail about the “payment calendar” has an ISO attachment that contains an executable file, which is the malware itself. The cybercrime actors behind the attacks, however, are using the global campaign, adapted to target our country: the exe file is in English, while the ISO is in Italian. The goal is to steal sensitive data from victims. Through its keylogger function, FormBook can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating those already present.
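A mail-gateway check for the delivery pattern described above, an ISO attachment carrying an executable. This is an added example, not part of the original analysis. The function names and the sample mail are constructed for illustration, and the sector scan is a heuristic that relies on ISO 9660 storing file data uncompressed on 2048-byte boundaries.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

SECTOR = 2048                 # ISO 9660 logical sector size
MAGIC_AT = 16 * SECTOR + 1    # "CD001" sits one byte into sector 16

def is_iso9660(data: bytes) -> bool:
    return data[MAGIC_AT:MAGIC_AT + 5] == b"CD001"

def pe_offsets(data: bytes) -> list:
    """Sector-aligned offsets where a Windows PE image starts. ISO 9660 stores
    file data uncompressed on sector boundaries, so MZ/PE headers are visible."""
    hits = []
    for off in range(0, len(data) - 0x3F, SECTOR):
        if data[off:off + 2] != b"MZ":
            continue
        (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
        if data[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0":
            hits.append(off)
    return hits

def flag_iso_executables(raw_mail: bytes) -> list:
    """(filename, PE offsets) for each ISO attachment that carries an exe."""
    findings = []
    for part in message_from_bytes(raw_mail).walk():
        name, blob = part.get_filename(), part.get_payload(decode=True)
        # Judge by content, not by extension or declared MIME type.
        if name and blob and is_iso9660(blob):
            hits = pe_offsets(blob)
            if hits:
                findings.append((name, hits))
    return findings

def build_sample_mail(with_exe: bool = True) -> bytes:
    """Constructed input: mail with a minimal fake ISO, optionally a PE stub."""
    iso = bytearray(19 * SECTOR)
    iso[16 * SECTOR:16 * SECTOR + 7] = b"\x01CD001\x01"
    if with_exe:                               # stub file data at sector 18
        base = 18 * SECTOR
        iso[base:base + 2] = b"MZ"
        struct.pack_into("<I", iso, base + 0x3C, 0x80)
        iso[base + 0x80:base + 0x84] = b"PE\0\0"
    msg = EmailMessage()
    msg["Subject"] = "payment calendar (constructed sample)"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(iso), maintype="application",
                       subtype="octet-stream", filename="sample.iso")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_iso_executables(build_sample_mail()))
```

Mails flagged this way are candidates for quarantine; ISO images using only UDF, or executables inside nested archives, need a full container parser instead.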