Formbook Malware spreading widely by clicking Microsoft URL shortcut files in your emails
Lessupport, 25 Apr 2018

Be careful when you receive email attachments: they can be an entry point for Formbook malware. Formbook mainly steals data from forms by tracking keystrokes and form submissions, hence the name. It can also execute several commands on the victim’s machine from the attacker’s servers. It is being spread widely via malicious Microsoft file attachments in email.

Researchers at Menlo Security are reporting a wave of attacks, which began last month, targeting the financial and information service sectors in the Middle East and United States. The infection method uses a new multi-stage technique.

Because the email attachment, the first stage of the malware, contains no malicious code, it evades detection by sandboxes and anti-virus solutions. Researchers said attackers are exploiting “design flaws” in the .docx and RTF document formats, combined with unpatched instances of the remote code execution vulnerability CVE-2017-8570, which was patched in July 2017.

The attackers send spam email with a .docx file attachment. If the victim opens this Word document, Microsoft Word sends an HTTP request that leads to Formbook being downloaded onto the victim’s machine. The malware then sits silently on the machine, undiscovered. It is capable of stealing data, capturing screenshots and copying passwords. The attacker can also launch commands on the victim’s machine using ShellExecute.
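One way a defender can check a .docx for this open-triggered request before it reaches a user, as an added example that is not from the original post or from Menlo Security. It assumes the remote fetch is declared as an external relationship in the package's .rels parts (the post does not specify the mechanism); the sample document, hostnames and function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_RELS_SIZE = 1_000_000  # flag oversized .rels parts instead of inflating them

def external_targets(docx_bytes):
    """List (part, relationship kind, target, loads_on_open) for external relationships."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_RELS_SIZE:
                findings.append((info.filename, "oversized", "", True))
                continue
            root = ET.fromstring(pkg.read(info))
            for rel in root.iter(REL_TAG):
                if rel.get("TargetMode", "").lower() != "external":
                    continue  # internal part reference, nothing leaves the package
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                # Hyperlinks are followed only on a click; other external kinds
                # (frame, attachedTemplate, oleObject, ...) can be fetched on open.
                findings.append((info.filename, kind, rel.get("Target", ""), kind != "hyperlink"))
    return findings

def build_sample_docx():
    """Constructed sample: no macros or embedded code, only relationship parts."""
    def rels(*entries):
        body = "".join(
            f'<Relationship Id="rId{i}" Type="{REL_TYPE}{kind}" Target="{target}"{mode}/>'
            for i, (kind, target, mode) in enumerate(entries, 1))
        return ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns='
                f'"http://schemas.openxmlformats.org/package/2006/relationships">{body}</Relationships>')
    ext = ' TargetMode="External"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels(
            ("styles", "styles.xml", ""),
            ("hyperlink", "https://example.com/", ext)))
        z.writestr("word/_rels/webSettings.xml.rels", rels(
            ("frame", "http://remote.example.invalid/frame", ext)))
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target, on_open in external_targets(build_sample_docx()):
        print("REVIEW" if on_open else "info  ", part, kind, target)
```

A mail gateway or triage script can quarantine attachments where any finding has `loads_on_open` set, since the document itself carries nothing a signature or sandbox would match.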

The best precaution is to be extra careful when opening email attachments, as Formbook cannot install without a user opening a malicious file. Companies need stronger solutions to plug the holes in their networks. Use powerful corporate spam filters that block emails at even the slightest doubt. To learn how to qualify or measure cyber security, and what the best practices for email are, our experts at Logix can help you.

Logix Infosecurity helps in identifying spam mails as well as intruders in your system and in taking preventive measures. The firewalls are well equipped to keep your organization safe, up and running.

 
