New signed campaign to trick victims’ antivirus, allowing them to download and install the malware via attachment.
Technical analysis by the Malware Hunter JAMESWT
New Formbook campaign via false bank receipt. The email .gz attachment contains an exe file, the malware itself. This, if opened, activates the infection
A false bank receipt via email is the lure to convey the new global Formbook campaign.
The gz attachment in the message contains an exe file, the malware itself. This, if open, activates the chain of infection. The goal of cybercrime is to steal sensitive data from victims. FormBook, in fact, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.