FormBook data stealer sold on hacking forums is used in targeted attacks


Security researchers from Arbor Networks and FireEye have found a series of attacks using a malware family dubbed FormBook, primarily targeting the aerospace, defense contractor, and manufacturing sectors in several countries, including the USA, Thailand and South Korea. Malicious PDF and DOC/XLS documents were the main lures used against the targeted organizations.

FormBook was built to steal data from infected computers, including keystrokes, clipboard contents, HTTP/HTTPS/SPDY/HTTP2 web form submissions and other network requests, passwords saved by web browsers and email clients, and screenshots, and to transfer it to the attacker's server.

According to FireEye researchers:
“We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution mechanisms to deliver the information stealing FormBook malware, including:

– PDFs with download links
– DOC and XLS files with malicious macros
– Archive files (ZIP, RAR, ACE, and ISOs) containing EXE payloads”
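The three delivery patterns FireEye lists (PDFs with download links, Office documents with macros, archives carrying EXE payloads) map directly onto checks a mail gateway or triage script can run on attachments. The following is an added example written for this page; it is not code from the original article nor from FireEye's or Arbor Networks' tooling. The sample attachments are constructed in memory, and the indicators it looks for (a `vbaProject.bin` member in OOXML, a UTF-16 `_VBA_PROJECT` name in legacy OLE files, `/URI`, `/Launch` or `/JavaScript` actions in a PDF, `.exe` members in a ZIP) are generic heuristics for these lure types, not FormBook-specific signatures.

```python
import io
import re
import zipfile

ARCHIVE_EXTS = (".zip", ".rar", ".ace", ".iso")
OFFICE_EXTS = (".doc", ".xls", ".docm", ".xlsm", ".docx", ".xlsx")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file header
# OLE directory entry names are stored as UTF-16LE, so match that encoding.
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")


def triage_attachment(name, data):
    """Return the reasons an attachment matches one of the lure patterns above."""
    reasons = []
    lower = name.lower()

    # Pattern 3: archives containing EXE payloads.
    if lower.endswith(ARCHIVE_EXTS):
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                exes = [n for n in zf.namelist() if n.lower().endswith(".exe")]
            if exes:
                reasons.append("archive contains EXE payload: " + ", ".join(exes))
        else:
            # RAR/ACE/ISO are not parsed here; route them to a sandbox or analyst.
            reasons.append("non-ZIP archive (RAR/ACE/ISO) needs sandbox detonation")

    # Pattern 2: DOC/XLS files with macros (OOXML zip or legacy OLE container).
    if lower.endswith(OFFICE_EXTS):
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("Office document carries a VBA macro project")
        elif data.startswith(OLE_MAGIC) and VBA_STREAM_UTF16 in data:
            reasons.append("legacy OLE document references a VBA project stream")

    # Pattern 1: PDFs with download links or other active content.
    if lower.endswith(".pdf") or data.startswith(b"%PDF"):
        if re.search(rb"/URI\s*\(|/Launch|/JavaScript", data):
            reasons.append("PDF contains URI/Launch/JavaScript action")

    return reasons


def triage_all(attachments):
    """Map each attachment name to its list of triage reasons."""
    return {name: triage_attachment(name, data) for name, data in attachments.items()}


def build_samples():
    """Constructed, hypothetical attachments used only to exercise the checks."""
    samples = {}

    buf = io.BytesIO()  # ZIP archive wrapping an EXE
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("quotation.exe", b"MZ" + b"\x00" * 64)
    samples["quotation.zip"] = buf.getvalue()

    buf = io.BytesIO()  # macro-enabled OOXML document
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", b"<Types/>")
        zf.writestr("word/document.xml", b"<w:document/>")
        zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 32)
    samples["purchase_order.docm"] = buf.getvalue()

    # Minimal legacy OLE-style blob carrying a VBA project name (constructed, not a real file).
    samples["invoice.xls"] = OLE_MAGIC + b"\x00" * 16 + VBA_STREAM_UTF16 + b"\x00" * 16

    samples["rfq.pdf"] = (  # PDF with a URI action pointing at a download link
        b"%PDF-1.4\n1 0 obj << /Type /Action /S /URI /URI (http://example.invalid/dl) >> endobj\n%%EOF"
    )

    buf = io.BytesIO()  # benign archive with only a text file
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"hello")
    samples["notes.zip"] = buf.getvalue()
    return samples


if __name__ == "__main__":
    for name, reasons in triage_all(build_samples()).items():
        print(name, "->", reasons or ["clean"])
```

Each check answers one of FireEye's three bullets, and an empty reason list means none matched. Unparsed formats (RAR, ACE, ISO) are deliberately flagged rather than passed, because an archive the gateway cannot open is exactly where an EXE payload hides.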

FormBook is rented out on underground forums for only $29 per 7 days or $59 per 30 days. The subscription provides a range of spying capabilities on target computers, including a keylogger, password stealer, network sniffer, screenshot capture, web form grabber and more.

FormBook is a data stealer and form grabber that has been sold on hacking forums since early 2016. It has also been observed downloading other malware families, such as NanoCore. The credentials and other information harvested by a successful FormBook infection can be reused in further cybercrime activity.


Eslam Medhat is a professional pen-tester with over 9 years of IT experience, bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He has reported various vulnerabilities to high-profile companies and vendors and has been acknowledged by them.
