An email with the subject “FW: URGENT PAYMENT FOR OVERDUE INVOICES”, pretending to come from FINANCE <salgar@dgkw.com>, delivers Formbook via both a malicious Word doc and an Excel XLS spreadsheet attachment. These attachments use Microsoft Equation Editor exploits CVE-2017-11882 and possibly CVE-2012-0158 and CVE-2018-0802, if VirusTotal results are to be believed. The only real reason to mention this is the dual attachment, which gives the sender 2 bites at the cherry. The email is nothing special and should be caught by perimeter defences or email spam filtering. They are using email addresses and subjects that will scare or entice a user …
The post Fake URGENT PAYMENT FOR OVERDUE INVOICES delivers formbook appeared first on My Online Security.