Volexity cybersecurity experts: The North Korea’s APT uses a fake trading website, that mimic a legit one, and DLL Side-loading to distribute the malware.
Malware Hunter JAMESWT Technical Analysis
Formbook passes for a false purchase order. The email rar attachment contains an exe file: the malware itself
A false purchase order is the lure of a new Formbook campaign.
The email rar attachment contains an exe file: the malware itself. Formbook, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.