FormBook – WindowsTechs.com

Attackers bypass Microsoft security patch to drop Formbook malware

Posted on December 24, 2021 by Waqas

By Waqas
The patch was issued to prevent the execution of code that downloaded the Microsoft Cabinet archive containing a malicious executable.
This is a post from HackRead.com Read the original post: Attackers bypass Microsoft security patch to drop F… Continue reading Attackers bypass Microsoft security patch to drop Formbook malware→

RATicate Group Hits Industrial Firms With Revolving Payloads

Posted on May 15, 2020 by Lindsey O'Donnell

A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire. Continue reading RATicate Group Hits Industrial Firms With Revolving Payloads→

Formbook back hitting UK in fake order emails

Posted on July 26, 2019 by Myonlinesecurity

We haven’t seen any Formbook malware / Trojan / Info-Stealer hitting the UK for ages, so it was quite surprising to see this one arrive overnight. Unlike previous versions who generally used exploits or macros / embedded ole objects in Microsoft … Continue reading Formbook back hitting UK in fake order emails→

New Loader Variant Behind Widespread Malware Attacks

Posted on July 25, 2019 by Tom Spring

Malware infection technique called TxHollower gets updated with stealthy features. Continue reading New Loader Variant Behind Widespread Malware Attacks→

New FormBook Dropper Harbors Obfuscation, Persistence

Posted on June 12, 2019 by Lindsey O'Donnell

Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities. Continue reading New FormBook Dropper Harbors Obfuscation, Persistence→

Fake Hillconmining Incoming20414 email delivers Formbook

Posted on April 16, 2019 by Myonlinesecurity

A very slightly strange and less usual malware campaign this morning that does eventually deliver Formbook. The email is nothing special, very terse & bland that just says ” Kindly find the attachment”. It has 2 Microsoft Word Doc attac… Continue reading Fake Hillconmining Incoming20414 email delivers Formbook→

Malware Actors Using New File Hosting Service to Launch Attacks

Posted on April 2, 2019 by David Bisson

Bad actors are leveraging a new file hosting service in order to launch attack campaigns involving FormBook and other malware. Near the end of March, researchers at Deep Instinct observed a new FormBook attack. The infection chain for this campaign beg… Continue reading Malware Actors Using New File Hosting Service to Launch Attacks→

Formbook via fake Urgent Enquiry email

Posted on March 4, 2019 by Myonlinesecurity

Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However opening the expl… Continue reading Formbook via fake Urgent Enquiry email→

Fake order with 2 lnk files delivers Formbook

Posted on February 23, 2019 by Myonlinesecurity

A somewhat involved and slightly complicated and devious chain in this Formbook campaign. What is slightly concerning are some of the sites involved, especially the live download site http://globalbank.us/ which looks like it has been been purchased b… Continue reading Fake order with 2 lnk files delivers Formbook→

Fake Quotation request delivers Formbook

Posted on February 17, 2019 by Myonlinesecurity

We have been seeing a lot of formbook malware recently. This campaign is very similar to all the others we frequently see. The only reason for mentioning it is that it is very unusual for malware campaigns to take place over a weekend. Most of this typ… Continue reading Fake Quotation request delivers Formbook→