. home.aspx

NEWS

home.aspx
   


Info-Stealing FormBook Returns in New Campaign

January 29, 2019 / Kacy Zurkus

A file-hosting service registered within the last week is being used to spread information-stealing malware in another FormBook campaign, currently attacking retail and hospitality businesses both within and outside of the US, according to Deep Instinct. Though FormBook has been around since approximately 2016, this newest version is being discussed and shared in underground hacking forums as a recommended service for hosting and serving malware. In a blog post, researchers wrote, “As with many information stealing and credential harvesting malware, FormBook’s infection chain starts with a phishing Email containing a malicious attachment, which is usually an Office document or a PDF file.” The campaign uses rich text format (RTF) documents and leverages recent Word vulnerabilities as droppers, likely because these are often missed by typical security solutions, according to Deep Instinct. Once the payload is dropped and executed, it will copy itself, then proceed to s...