FormBook, the well-known data stealer and form grabber, has popped up once again, in a malicious phishing campaign that has spread globally.
Bitdefender researchers spotted the latest attempt at infecting recipients with the commercial malware on September 7, with most of the attacks originating from IP addresses in the Netherlands and the US. The ongoing malspam campaign has reached recipients across the globe, including the United States, Italy, India, France, Germany and the UK.
The attackers are sending out a WinRAR compressed file as an email attachment (TT FORMAT COPY.r00) to spread keyloggers and form grabbers that steal victims’ personal information from various web browsers and other applications.
The phishing email used to deliver the FormBook malware mimics a request to revise information found in a Proforma invoice. However, it’s just a fake message used to lure unsuspecting victims.
“Please kindly check the format of TT I sent and confirm the information is correct that we do the TT today as your account is different this time,” the email reads.
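As an added illustration, not part of Bitdefender's write-up, here is a small mail-gateway check for attachments like the one in this campaign. It identifies RAR content by its signature bytes rather than by filename, and separately flags lone `.rNN` names, which are WinRAR's continuation-volume extensions; the sample attachments are constructed, and only the first filename comes from the campaign.

```python
import re
from typing import List, Optional, Tuple

# RAR signatures: RAR 1.5-4.x and RAR 5.x (documented magic bytes).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# WinRAR's old multi-volume naming: first volume .rar, continuations .r00, .r01, ...
SPLIT_VOLUME_EXT = re.compile(r"\.r\d{2}$", re.IGNORECASE)
RAR_EXT = re.compile(r"\.rar$", re.IGNORECASE)


def is_rar(head: bytes) -> bool:
    """True if the attachment's leading bytes carry a RAR signature."""
    return head.startswith(RAR4_MAGIC) or head.startswith(RAR5_MAGIC)


def classify_attachment(name: str, head: bytes) -> Optional[str]:
    """Return a reason to quarantine the attachment, or None if nothing stands out."""
    rar_content = is_rar(head)
    if SPLIT_VOLUME_EXT.search(name):
        # A lone .rNN volume as an email attachment is the pattern seen in this campaign.
        if rar_content:
            return "rar split-volume extension with RAR content"
        return "rar split-volume extension without RAR signature"
    if rar_content and not RAR_EXT.search(name):
        # Archive hidden behind an innocuous extension (content/name mismatch).
        return "RAR content under non-RAR extension"
    if rar_content:
        return "RAR archive"
    return None


def scan(attachments: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
    """Return [(name, reason)] for every attachment that warrants quarantine."""
    flagged = []
    for name, head in attachments:
        reason = classify_attachment(name, head)
        if reason:
            flagged.append((name, reason))
    return flagged


# Constructed sample attachments (name, first bytes); only the first name is from the campaign.
SAMPLE_ATTACHMENTS = [
    ("TT FORMAT COPY.r00", RAR4_MAGIC + b"\x00" * 16),
    ("Proforma Invoice.pdf", b"%PDF-1.7\n"),
    ("quote.pdf", RAR5_MAGIC + b"\x00" * 16),
    ("report.rar", RAR4_MAGIC + b"\x00" * 16),
]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE_ATTACHMENTS):
        print(f"{name}: {reason}")
```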
FormBook, initially spotted in the wild in 2016, has become a notorious tool sold “as-a-service” on hacking forums. Its easy-to-use interface and comprehensive data-harvesting capabilities have made it a popular payload for phishing campaigns.
To prevent device and data compromise, users should always verify the origin and validity of correspondence before accessing attachments or links, and install a security solution on their devices.
Bitdefender customers are already protected from FormBook malware. The attached file is detected as Trojan.GenericKD.46937057 and blocked by both our consumer and enterprise solutions.
With Bitdefender Total Security and XEDR, users and businesses enjoy the best anti-malware protection and threat detection and response against e-threats across all major operating systems. The real-time protection feature included in our security software safeguards against e-threats, including viruses, worms, Trojans, ransomware, zero-day exploits and spyware, to keep you and your data safe.
Note: This article is based on technical information courtesy of Bitdefender Labs.