Formbook

Method that Tricks Users to Perceive Attachment of PDF File as Safe File

The ASEC analysis team has discovered the distribution of info-stealer malware using the attachment feature of PDF files. This attack method was discovered previously, but as malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used a simple trick of using the attachment’s name to deceive users. Acrobat Reader has a feature for adding attachments to PDF files. Files with extensions such as .bin/.exe/.bat/.chm are blacklisted…

Change in Distribution Method of Malware Disguised as Estimate (VBS Script)

Last year, the ASEC analysis team discovered the distribution of Formbook that used a certain company’s name in its filename. Recently, the team has discovered that it is being distributed via a VBS file. The email used for distribution still contains details about a request for an estimate, and by using a certain company’s name in the attachment, it prompts the user to execute it. The compressed file attached to the email does not contain an executable but a VBS…