Bleeping Computer: The two Ransomware-as-a-Service operations exploit the same encrypted file format and the distribution channel: the Dridex botnet.
Technical analysis by the Malware Hunter JAMESWT
Formbook still attacks hotels with the lure of false bookings
Formbook attacks hotels again with a global malspam campaign. The bait is a false booking with credit card details attached to confirm. It’s a compressed document (.rar) which contains an exe file. This, if opened, starts the malware infection chain. The goal is to steal sensitive data from victims. Formbook, in fact, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.
the fake booking email sent to the hotels, detected by abuse_ch
DNS HTTP/HTTPS requests / Connection