
Cybercrime, multi-malware campaign via fake purchase order

Technical analysis by the Malware Hunter JAMESWT

Multi-malware campaign via fake purchase order. The xls attachment of the email first downloaded Putty and now Formbook. A targeted campaign cannot be ruled out.

A fake purchase order-themed email downloads different malware.

The xls attachment, exploiting the Equation Editor vulnerability, contacts a link and downloads the malicious payload. Previously this was Putty; now it has become Formbook. Moreover, because the body of the message includes the e-mail address of the potential victim, a targeted campaign cannot be ruled out, as opposed to the indiscriminate “trawl” that is the norm. Formbook, through its keylogger function, captures everything the user types. It can also steal e-mail and browser credentials and take screenshots. Finally, it can receive commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
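The infection chain described above (Excel opens the xls, the Equation Editor is exploited, and a downloaded payload is launched) leaves a distinctive process tree. The following detection logic is an added example and not part of the original analysis; it assumes process-creation telemetry as JSON lines with `pid`, `ppid` and `image` fields, and that the Equation Editor component runs as `eqnedt32.exe`. The sample events are constructed, not real telemetry.

```python
"""Flag the Excel -> Equation Editor -> downloaded-payload chain in process-creation logs."""
import json
from collections import defaultdict

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Assumption: the Equation Editor component runs as eqnedt32.exe.
EQUATION_EDITOR = "eqnedt32.exe"

# Constructed sample events (not real telemetry): one benign Excel session that
# spawns the print helper, and one where Excel spawns the Equation Editor, which
# then launches a dropped executable (the payload stage described in the article).
SAMPLE_EVENTS = [
    r'{"ts": 1, "pid": 100, "ppid": 1,   "image": "C:\\Windows\\explorer.exe"}',
    r'{"ts": 2, "pid": 200, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE"}',
    r'{"ts": 3, "pid": 300, "ppid": 200, "image": "C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE"}',
    r'{"ts": 4, "pid": 400, "ppid": 300, "image": "C:\\Users\\Public\\dropped_payload.exe"}',
    r'{"ts": 5, "pid": 500, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE"}',
    r'{"ts": 6, "pid": 600, "ppid": 500, "image": "C:\\Windows\\splwow64.exe"}',
]


def basename(image: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_equation_editor_chain(lines):
    """Return one alert per Equation Editor process spawned by an Office application.

    Severity is 'high' when the Equation Editor itself spawns children, which is
    the behaviour of an exploited instance fetching and running a payload.
    """
    events = [json.loads(line) for line in lines]
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    alerts = []
    for e in events:
        if basename(e["image"]) != EQUATION_EDITOR:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in OFFICE_APPS:
            continue
        spawned = [basename(c["image"]) for c in children[e["pid"]]]
        alerts.append({
            "office_pid": parent["pid"],
            "eqnedt_pid": e["pid"],
            "children": spawned,
            "severity": "high" if spawned else "medium",
        })
    return alerts
```

Feeding `SAMPLE_EVENTS` to `detect_equation_editor_chain` raises a single high-severity alert for the exploited session and stays silent on the benign print-helper spawn.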
