AhnLab cybersecurity researchers: The malware is downloaded and executed from a WSF file within a compressed file, delivered via URL in phishing emails.
Formbook campaign via fake RFQ from Azerbaijan. The cybersecurity researcher and malware hunter, JAMESWT: The “RFQ Metabo.r00” attachment contains an exe: malware
A new wave of the Formbook campaign is spreading via a fake RFQ (request for quotation), this time from Azerbaijan. It was discovered by the cybersecurity researcher and malware hunter JAMESWT.
The “RFQ Metabo.r00” attachment contains an exe: the malware itself. Through its keylogger function, Formbook can capture everything the user types. It can also steal mail and browser credentials and take screenshots. Finally, it can receive commands issued remotely to the infected PC, such as downloading additional payloads or updating existing ones.
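A mail-gateway triage check for the delivery method described above, as an added example that is not from the original article or from JAMESWT: it flags attachments that carry a RAR signature or a legacy RAR volume extension such as `.r00`. That `.r00` is a RAR volume name is general knowledge, not something the article states; the lure keywords, the `triage` and `build_sample` names, and the sample message are assumptions constructed here.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# RAR 4.x and 5.x archives both start with these 7 bytes.
RAR_MAGIC = b"Rar!\x1a\x07"
# Legacy RAR volume names (.r00-.r99) can slip past filters that only block .rar/.zip.
LEGACY_RAR_EXT = re.compile(r"\.r\d{2}$", re.IGNORECASE)
# Assumed lure wording, based on the "RFQ" theme reported on this page.
LURE_WORDS = re.compile(r"\b(rfq|request for quotation|quotation)\b", re.IGNORECASE)


def triage(raw_eml: bytes) -> list[dict]:
    """Return one finding per attachment that looks like a disguised RAR archive."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        is_rar = data.startswith(RAR_MAGIC)
        odd_ext = bool(LEGACY_RAR_EXT.search(name))
        if not (is_rar or odd_ext):
            continue
        reasons = []
        if is_rar:
            reasons.append("rar-magic")
        if odd_ext:
            reasons.append("legacy-rar-volume-extension")
        if is_rar and not name.lower().endswith(".rar"):
            reasons.append("extension-hides-archive")
        if LURE_WORDS.search(subject) or LURE_WORDS.search(name):
            reasons.append("rfq-lure")
        findings.append({"filename": name, "reasons": reasons})
    return findings


def build_sample(filename: str, payload: bytes, subject: str) -> bytes:
    """Constructed test message; the payload is inert bytes, not a real archive."""
    msg = EmailMessage()
    msg["From"] = "sales@example.com"
    msg["To"] = "buyer@example.org"
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A finding that combines `extension-hides-archive` with `rfq-lure` is a reasonable trigger for quarantine and for unpacking the archive in a sandbox to see whether it holds an executable.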