Formbook the malware that returns as an Invoice to companies

Formbook the malware that returns as an Invoice to companies

If you received an invoice email in your corporate inbox, it could turn out to be the most expensive for the company thanks to Formbook. the acquaintance malware andYou are sending emails with an Invoice message and an attachment that can steal sensitive data from companies and individuals.

The malware Formbook has been in the news for several years and this time the campaign would be aimed at the administration and accounting departments of different companies.

What does the mail include?

From ESET they indicate that the preferred day to send this email would be Monday. Since people would be less alert after the days of disconnection and the amount of accumulated emails. Another factor that can benefit cybercriminals is how quickly users might want to review unaccounted-for invoices.

Formbook Invoice

As can be seen in the image, the attached file corresponds to a tar type. Which corresponds to a compressed file that they try to hide by including the word PDF in the name. To those who are not aware of the different possible file extensions, it might seem like a harmless file.

The file you are trying to hide is an executable program (.exe) like the one in the following image:

Attached Executable Program Formbook

This program seeks to steal sensitive user information. Passwords saved in the browser, VPN keys, client data or even FTP clients.

At this point, if cybercriminals manage to steal sensitive information they can use it to continue spreading the malwareenter the company network or even encrypt the data to then ask for a ransom, although in this last scenario we would already be talking about an attack by ransomware.

In conclusion, the guard should never be lowered since these attacks are part of the risks that each company must mitigate. Although these cases have gone especially to Spanish companies, there is always the possibility that the danger extends to other countries. Therefore, it is always recommended to validate the sender before opening any attachment or clicking on links, all this to protect personal and company information.

Do you take any measures to mitigate the risks of infection by malicious applications?

Estaremos encantados de escuchar lo que piensas

Deje una respuesta

TecnoBreak USA
Logo
Enable registration in settings - general
Comparar artículos
  • Total (0)
Comparar
0