Information stealing FormBook malware is being lobbed at defense contractors, manufacturers and firms in the aerospace sector in the US and South Korea.
The malware is delivered via high-volume spam campaigns and email attachments that take the form of:
DOC/XLS files loaded with malicious macros that initiate the download of FormBook payloads
Archive files containing FormBook executable files
PDFs containing links to the tny.im URL-shortening service, which point to FormBook executables hosted on a staging server.
Leave a reply