FormBook Malware Promotion Aims U.S. Companies

The majority Formbook malware attacks have aimed particular industry areas in South Korea and the United States, however, there is worry that the malware will be utilized in more extensive attacks around the world. To date, defense contractors, the Aerospace industry, and the industrial sector have been widely targeted; nevertheless, attacks haven’t been limited to these areas. The financial services, services/consulting firms, energy and utility companies, and educational institutions have also been attacked.

FireEye identified numerous ‘significant campaigns’ in South Korea and the United States and reports that attacks are mainly occurring through spam electronic mail. The electronic mails sent are general, instead of spear phishing electronic mails at particular targets, even though the attacks are focused on specific industry areas.

The malevolent attachments used to copy and install FormBook malware vary in South Korea and the United States. In the United States, the assailants are mainly using Word documents, PDF files, and XLS spreadsheets. The Office documents have hateful macros, which copy the malware when operated by end users. The PDF files have an embedded linkage that, if ticked, will copy the hateful payload. The electronic mails seized by FireEye spoof FedEx and DHL and claim to have details of consignments. In South Korea, a promotion has been noticed using .ZIP, .RAR, .ISO, and .ACE, files with the executable attached to the electronic mail.

FormBook malware has perseverance and can carry out a wide variety of functions. It’s a keylogger, can take data from the clipboard, steal passwords and cookies, can stop and start processes, force a reboot, take screenshots, obtain data from HTTP sessions, and copy other files. One promotion has been used to copy the Nanocore Trojan onto infested appliances.

Although the main purpose of FormBook malware seems to be spying, it can be utilized in all ways of attacks and evil purposes. The malware is used by many actors and is rented through underground markets as malware-as-a-service; complete with a user-friendly web interface for collecting executables. Moreover, the cost of contracting the malware is low – $29 each month or $299 for a complete package professional selection. The creators claim the malware is innovative Internet action logging software and provides users a “controlling Internet monitoring knowledge”.

Because of the low price, the wide variety of functions, and ease of use, this malware version is expected to become the main threat to all companies.