Formbook infostealer deployed in clandestine phishing campaigns

Organizations in multiple South American countries, Bosnia, Croatia, Greece, Slovenia, and Spain have had their Windows systems stealthily infected with the Formbook information-stealing malware in a pair of phishing campaigns, reports Infosecurity Magazine.

Attacks in the first campaign delivered malicious emails with a RAR attachment containing three DLLs and a Windows executable; DLL side-loading let Formbook execute without being detected by the system, according to a WatchGuard analysis. Phishing emails in the second campaign instead carried JavaScript and PDF files that concealed the malicious payload. Running the JavaScript results in a pair of image files being injected; these carry PowerShell commands that run a Windows executable, which in turn launches a malware loader that injects Formbook.

The same loader has previously been used to deliver AsyncRAT, Remcos, XWorm, and SmokeLoader. Given the growing use of these covert Formbook delivery techniques, security teams should strengthen their monitoring of suspicious archive-based email attachments, PowerShell execution spawned from user-opened attachments, signs of manual DLL mapping, and anomalous DLL loading behavior, WatchGuard researchers said.
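Two of the monitoring points above, PowerShell spawned beneath a user-opened attachment and a DLL side-loaded from a user-writable folder beside its executable, can be expressed as simple rules over endpoint telemetry. The following is an added example, not code from the WatchGuard report; the event field names and the sample events are constructed for illustration.

```python
from typing import Dict, List

# Constructed sample telemetry (field names are assumptions, not a vendor schema).
EVENTS = [
    {"type": "process", "pid": 10, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 20, "ppid": 10,
     "image": r"C:\Windows\System32\wscript.exe"},          # user opened a .js attachment
    {"type": "process", "pid": 30, "ppid": 20,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process", "pid": 40, "ppid": 10,
     "image": r"C:\Users\ana\AppData\Local\Temp\Rar$EX1\report.exe"},   # EXE run from a RAR
    {"type": "imageload", "pid": 40,
     "image": r"C:\Users\ana\AppData\Local\Temp\Rar$EX1\version.dll"},  # side-loaded DLL
    {"type": "process", "pid": 50, "ppid": 10, "image": r"C:\Program Files\App\app.exe"},
    {"type": "imageload", "pid": 50, "image": r"C:\Windows\System32\version.dll"},  # benign
]

# Processes a user launches by double-clicking an attachment (illustrative set).
ATTACHMENT_HANDLERS = {"wscript.exe", "cscript.exe", "acrord32.exe", "winrar.exe"}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\downloads\\")

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def detect(events: List[dict]) -> List[str]:
    procs: Dict[int, dict] = {e["pid"]: e for e in events if e["type"] == "process"}
    alerts = []
    for e in events:
        if e["type"] == "process" and basename(e["image"]) == "powershell.exe":
            # Rule 1: walk the parent chain; flag PowerShell under an attachment handler.
            p = procs.get(e["ppid"])
            while p:
                if basename(p["image"]) in ATTACHMENT_HANDLERS:
                    alerts.append(f"pid {e['pid']}: powershell spawned under {basename(p['image'])}")
                    break
                p = procs.get(p["ppid"])
        elif e["type"] == "imageload" and e["image"].lower().endswith(".dll"):
            # Rule 2: DLL loaded from a user-writable directory that also holds the loading EXE.
            exe = procs.get(e["pid"], {}).get("image", "")
            dll_dir = e["image"].lower().rsplit("\\", 1)[0]
            if any(m in dll_dir for m in USER_WRITABLE) and exe.lower().startswith(dll_dir):
                alerts.append(f"pid {e['pid']}: {basename(exe)} loaded {basename(e['image'])} from {dll_dir}")
    return alerts

if __name__ == "__main__":
    for line in detect(EVENTS):
        print(line)
```

Real deployments would key the rules on Sysmon event IDs 1 and 7 (or the EDR equivalent) and tune the handler and path lists to the environment.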
