
Cybercrime, new Formbook malspam campaign against hotels

Technical analysis by the Malware Hunter JAMESWT

Formbook still attacks hotels with the lure of false bookings

Formbook is attacking hotels again with a global malspam campaign. The bait is a fake booking whose credit card details, sent as an attachment, the recipient is asked to confirm. The attachment is a compressed archive (.rar) that contains an exe file. If opened, this file starts the malware infection chain. The goal is to steal sensitive data from victims. Through its keylogger function, Formbook can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating those already present.

The fake booking email sent to the hotels, detected by abuse_ch

DNS HTTP/HTTPS requests / Connection
