Formbook is a commercially available malware service that has come back into action. This is an information stealer that has been available as a service in secret forums since 2016, the latest variants are equipped with new capabilities of obfuscation.
FortiGuard researchers have revealed a new phishing campaign that is targeting personal information while distributing the new form of Formbook. This campaign was performed in order to hack into target systems and steal data from browsers that are commonly used, IM, email clients, FTP clients, etc.
The campaign uses phishing email that contains malicious PowerPoint documents to spread the malware. The email often poses as a reply to an old purchase and lures the victims into opening the file and viewing the whole of the document and video of the document.
The Enhancement in FormBook-
In the latest variant released, the developers have tried to make the analysis of the malware even more difficult and challenging. They have obfuscated the complete code and encrypted all the constant strings. This makes the analysis of the tool difficult for researchers. The names of all classes, variables, methods are randomly generated which does not let the viewer have a clue about its purposes.
Recent Attacks using FormBook-
TrendMicro recently reported that FormBook and several other malware were using several vaccine-related threats during the pandemic to lure the victims.
Conclusion-
The FormBook is gaining more efficiency in its work due to the addition of anti-analysis techniques to increase the difficulty in its analysis by researchers. These qualities make the malware a more recurrent threat and demand a closer look by cybersecurity researchers.
Link: https://cyware.com/news/formbook-a-well-known-commercial-malware-learns-new-tricks-bc58c8c3