Wordfence cybersecurity experts: The flaw affects versions 1.5.1 to 1.6.0. Update the plugin now!
Technical analysis by the Malware Hunter JAMESWT
New order-themed FormBook campaign. The compressed attachment contains a fake image and an executable. The executable starts the malware infection, but it does not always appear when the archive is unpacked
A new global FormBook malspam campaign uses product orders as its lure. The email carries a compressed attachment containing a fake jpg image and an executable file. Opening the executable activates the malware infection chain. Curiously, the archive shows different contents depending on the tool used to unpack it: WinRAR shows only the exe file and not the image, while 7-Zip does the opposite, showing the jpeg but not the executable.

In either case, the attackers' goal is to steal sensitive data from victims. Through its keylogger function, FormBook can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating those already present.