Formbook campaign via real email conversation. The doc attachment of the “Re: FW: Proforma Demurrage PC Profert SPA” message contains an exe file: the malware

New Formbook campaign takes advantage of a real compromised e-mail conversation as bait.

The doc attachment of the “Re: FW: Proforma Demurrage PC Profert SPA” message contains an exe file: the malware. Formbook, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.

Malware C2