TAG cybersecurity experts: The breadth of targets in those campaigns stands in contrast to many government-backed operations.
Technical analysis by the Malware Hunter JAMESWT
New FormBook campaign on fake purchase orders. The word attachment of the email, thanks to the equation editor exploit, starts a VBS and a Powershell. They download the malware and decrypt it
FormBook hides behind a fake purchase order email. The message contains a Word attachment which, once opened, starts a VBS and a powershell contained within, thanks to the exploit equation editor linked to the doc file.
They download the malware and decrypt it, triggering the infection of the malware.
The goal of cybercrime is to steal sensitive data from victims. FormBook, in fact, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.
The C2s contacted by FormBook