Cybersecurity firm FireEye has observed several high-volume FormBook malware distribution campaigns, primarily taking aim at the aerospace, defence contractor, and manufacturing sectors.
A FireEye spokesperson said while some of the campaigns have taken place in Australia, the majority of the campaigns have been observed within the US and South Korea during the past few months.
FormBook is a data stealer and form grabber that has been advertised in various hacking forums since early 2016. Its capabilities include key logging, clipboard monitoring, grabbing HTTP/HTTPS/SPDY/HTTP2 forms and network requests, grabbing passwords from browsers and email clients, and taking screenshots.
The attackers involved in these email campaigns have leveraged a variety of distribution mechanisms to deliver the information stealing FormBook malware, including:
- PDFs with download links – nine per cent of activity during the observed period occurred in Australia;
- DOC and XLS files with malicious macros; and
- Archive files (ZIP, RAR, ACE, and ISOs) containing EXE payloads – five per cent of activity during the observed period occurred in Australia.
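The three delivery mechanisms listed above are exactly what a mail gateway or SOC triage script can screen for before an attachment reaches a user. The following is an added example, not code from the article or from FireEye: it inspects an attachment in memory and reports the indicators the article describes (an archive carrying an EXE, an Office document carrying a VBA project, a PDF carrying a link or launch action). It assumes only the Python standard library; the sample attachments, file names and the `example.invalid` URL are constructed here, and non-ZIP archive formats (RAR, ACE, ISO) are simply routed to a sandbox because parsing them needs third-party tooling.

```python
import io
import zipfile
from typing import Dict, List

# Extension groups drawn from the delivery mechanisms the article lists.
# Assumption: a production gateway would maintain a far broader policy.
ARCHIVE_EXTS = {".zip", ".rar", ".ace", ".iso"}
MACRO_CAPABLE_EXTS = {".doc", ".xls", ".docm", ".xlsm", ".dotm", ".xltm"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
# PDF object names that introduce clickable links or program launches.
PDF_ACTION_MARKERS = (b"/URI", b"/Launch")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0"  # legacy binary Office (.doc/.xls) header


def _ext(name: str) -> str:
    """Lower-cased extension including the dot, or '' if there is none."""
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    ext = _ext(filename)
    stream = io.BytesIO(data)

    if ext in ARCHIVE_EXTS:
        if zipfile.is_zipfile(stream):
            # Look inside the ZIP for executable payloads without extracting to disk.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if _ext(member) in EXECUTABLE_EXTS:
                        findings.append(f"archive contains executable: {member}")
        else:
            findings.append(f"non-ZIP archive ({ext}): route to sandbox for inspection")

    elif ext in MACRO_CAPABLE_EXTS:
        if zipfile.is_zipfile(stream):
            # OOXML documents are ZIPs; a VBA project lives in */vbaProject.bin.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(m.lower().endswith("vbaproject.bin") for m in zf.namelist()):
                    findings.append("Office document contains VBA macro project")
        elif data.startswith(OLE2_MAGIC):
            # Legacy OLE2 files need a real OLE parser (e.g. oletools) to confirm macros.
            findings.append("legacy OLE Office document: check for macros with an OLE parser")

    elif ext == ".pdf":
        if any(marker in data for marker in PDF_ACTION_MARKERS):
            findings.append("PDF contains URI or Launch action")

    return findings


def _build_zip(members: Dict[str, bytes]) -> bytes:
    """Helper to construct small in-memory ZIP/OOXML samples for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (not real malware): one per mechanism plus a benign control.
SAMPLES: Dict[str, bytes] = {
    "order.zip": _build_zip({"order_details.exe": b"MZ\x90\x00 constructed stub"}),
    "quote.docm": _build_zip({
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": OLE2_MAGIC + b" constructed",
    }),
    "brochure.pdf": (b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
                     b"/A << /S /URI /URI (http://example.invalid/dl) >> >> endobj\n%%EOF"),
    "report.rar": b"Rar!\x1a\x07\x00 constructed header",
    "notes.txt": b"plain text, nothing to flag",
}


def triage_all(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, List[str]]:
    """Run triage over every sample and return the findings keyed by file name."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(f"{name}: {findings or 'clean'}")
```

The extension checks are deliberately only a first gate: the ZIP and OOXML inspection reads the actual container, and anything the script cannot parse is handed to a sandbox rather than passed through, which is the conservative default for the archive formats the article lists.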
For more information on the campaigns, including whom they targeted and how they work, please visit FireEye’s Threat Research Blog here.