
Cybercrime, FormBook returns with an order-themed campaign

Technical analysis by the Malware Hunter JAMESWT

FormBook is back in a new global campaign themed on purchase orders. The email attachment contains a JPG file and an executable. When opened, the executable creates a variant of itself that triggers the malware infection.

FormBook returns in a new global campaign themed on purchase orders. The email contains a compressed attachment with a fake JPG image and an executable file inside.

If opened, the executable creates its own variant, which activates the malware infection chain.

Moreover, if you use WinRAR to unpack the attachment, only the exe file is shown and not the image. With 7-Zip, however, the opposite happens: the JPG appears but not the executable.

The cybercriminals' goal is to steal sensitive data from victims. Through its keylogger function, FormBook is able to capture everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating those already present.
