Summary
Key Points:
- Two phishing campaigns are delivering Formbook malware, utilizing DLL sideloading and obfuscated JavaScript to evade detection.
- The impact includes data theft of sensitive information such as login credentials and browser data, affecting organizations in Greece, Spain, Slovenia, Bosnia, Croatia, and South America.
- Recommended actions include monitoring for suspicious email attachments, anomalous DLL loading behavior, and PowerShell execution linked to user interactions.
Technical Details: Formbook is delivered through phishing emails that use either DLL sideloading or obfuscated JavaScript to execute the malicious payload without triggering detection. This infostealer has been active since 2016 and remains a significant threat.
MITRE ATT&CK Techniques:
- T1566 - Phishing (Initial Access)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1203 - User Execution (Execution)
- T1055.001 - Process Injection: Dynamic-link Library Injection (Execution)
- T1059.001 - Command and Scripting Interpreter: PowerShell (Execution)
IOCs Mentioned: none