FormBook data stealer sold on hacking forums is used in targeted attacks

  • 99
  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    100
    Shares

Security researchers from Arbor Networks and FireEye, have found a series of malware (dubbed FormBook) attacks primarily targeting aerospace, defense contractors, and manufacturing in many countries, including the USA, Thailand and South Korea. They found that the PDF and DOC/XLS documents were largely used to target organizations.

FormBook malware was created to steal data from the infected computers, including keystrokes, clipboard contents, HTTP/HTTPS/SPDY/HTTP2 web forms and network requests, passwords from web browsers and email clients, and screenshots, and transfer it to the attacker server.

According to FireEye researchers:
“We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution mechanisms to deliver the information stealing FormBook malware, including:

– PDFs with download links
– DOC and XLS files with malicious macros
– Archive files (ZIP, RAR, ACE, and ISOs) containing EXE payloads”

Anyone on the internet can rent FormBook malware for only $29 per 7 days or $59 per 30 days, which gives a variety of advanced spying abilities on target computers, including a keylogger, password stealer, network sniffer, taking the screenshots, web form data stealer and much more.

FormBook is a data stealer and form grabber that has been sold in many hacking forums since early 2016. It was seen downloading other malware families such as NanoCore. The credentials and other information collected by successful FormBook infections could be used for additional cybercrime activities.

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Latest posts by Unallocated Author (see all)

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply