By Reason Cybersecurity
on Mon Dec 07 2020
FormBook is not what it sounds like. It is NOT the latest notebook to hit the market, or ebook or mobile phone, or any other cool electronic gadget. FormBook IS a highly evasive, information-stealing Trojan designed to steal personal data from its victims’ computers. It’s also distributed as malware as a service (MaaS). In other words, FormBook is provided as a ‘service’ on hacking forums, so that any cyber criminal can gain access to it by paying a subscription fee. Furthermore, it’s been intentionally designed for easy setup and use, meaning it can be used by even inexperienced threat actors. And although its developers have tried to pass it off as a legitimate application for monitoring the Internet, don’t be fooled. A FormBook infection is extremely dangerous. And ominously, security researchers have noted a spike in these infections since 2019. So just how does FormBook spread?
How FormBook infections spread
In addition to being available as a MaaS, FormBook is usually spread via malicious spam campaigns that trick users into opening obfuscated email attachments or clicking on malicious links. Once the attachment or link is opened, FormBook is loaded and executed on the target system, where it starts to do its dirty work.
The dirty work…
After infecting its targeted device, FormBook runs its advanced stealing functions to carry out a variety of malicious behaviors such as stealing stored and recorded user input, interacting with files on the user’s computer, taking screenshots, recording keystrokes, finding out which websites the user visited, and stealing clipboard data, logins, passwords, banking credentials and other personal data. FormBook is also capable of rebooting and shutting down systems and downloading and running files via remote command and control servers. The remote execution gives cyber criminals the ability to further infect and corrupt the already-infected system and data with other high-risk malware such as ransomware. Anyone whose computer has been infected with FormBook will likely experience significant financial loss and a serious invasion of privacy. And unfortunately, the COVID-19 pandemic is only making it worse.
Cyber criminals are taking advantage of COVID-19 fears to spread FormBook
Cyber criminals are preying on the public’s fear of COVID-19 by sending out emails that look like they’re from the World Health Organization (WHO) and concern the current pandemic. These emails are intentionally difficult to view in the mail client and prompt users to view them in a browser, where the user is then urged to open an attachment that holds the malicious executable. FormBook has been used to target educational institutions, biomedical firms and healthcare businesses and has compromised financial resources, data and intellectual property. This is not malware that you want anywhere near your computers. If ever there was a time to protect your computer and data, it’s now.
It’s okay, take a breath. There’s plenty you can do to protect yourself. Start by educating yourself and your employees, if you’re a business owner, about the increase in cyber fraud exploiting people’s fears of the COVID-19 outbreak. Everyone should be cautious when opening attachments or clicking on links from unfamiliar senders and should only download or install software from official sources. In addition, never blindly trust requests for personal or financial information. Always verify these requests with the sender to make sure the email is from an authentic source.
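The sender and attachment checks described above can be partly automated at a mail gateway or in a triage script. The following is an added example, not code from the original article or from any vendor: it flags a message whose display name claims to be the WHO while the sending domain is not who.int, and attachments that are executables by extension or by file header. The brand pattern, extension lists and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example: brand pattern, its real domain, extension lists.
BRAND = re.compile(r"world health organization|\bwho\b", re.I)
BRAND_DOMAIN = "who.int"
RISKY_EXT = {"exe", "scr", "com", "pif", "js", "vbs"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}

def triage(raw: bytes) -> list[str]:
    """Return finding codes for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    on_brand = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    # Display name claims the brand, but the address is on another domain.
    if BRAND.search(name) and not on_brand:
        findings.append(f"display-name-mismatch:{domain}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        pieces = fname.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            findings.append(f"risky-extension:{fname}")
        # "guidance.pdf.exe": a document-looking name hiding the real extension.
        if len(pieces) > 2 and pieces[-2] in DOC_EXT and ext in RISKY_EXT:
            findings.append(f"double-extension:{fname}")
        body = part.get_payload(decode=True) or b""
        if body[:2] == b"MZ":  # DOS/PE header, whatever the file is named
            findings.append(f"pe-payload:{fname}")
    return findings

def build_sample(display: str, sender: str, fname: str, data: bytes) -> bytes:
    """Constructed test message; not a real FormBook sample."""
    m = EmailMessage()
    m["From"] = f'"{display}" <{sender}>'
    m["To"] = "user@example.org"
    m["Subject"] = "COVID-19 guidance"
    m.set_content("Please view the attachment.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("World Health Organization", "info@example.net",
                        "guidance.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
    print(triage(lure))
```

A display-name check like this only complements SPF, DKIM and DMARC validation, which is the gateway's authoritative test of whether a message really came from the domain it claims.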
Next, always make sure to install software updates when they are released. Software updates often contain patches to the vulnerabilities that hackers try to exploit, so it is mission critical to keep your computer and all endpoints secure with these patches.
Next, install powerful antivirus software to protect all your computers. It should be able to perform FormBook malware analysis as well as other malware analysis so threats can be detected and removed before they do any harm. For businesses, the best bet is to go with a powerful endpoint security solution to ensure that all your devices are secured and kept updated.
Finally, consider using a quality virtual private network (VPN) to protect your data. A VPN uses encryption to secure your private network so that users can safely send and receive data over public networks. VPNs make your online activity virtually untraceable and have become increasingly important in today’s remote work environment.
FormBook’s Bad Form
Although its developer tried to pass it off as a legit application, it is anything but that. Indeed, FormBook has bad form written all over it; it’s a danger and a menace to individuals and businesses alike. And thanks to its information-stealing abilities, advanced evasion techniques, ease of use, and easy access on hacker forums, it’s been gaining traction in the world of cyber crime. Don’t be like FormBook; instead, practice good form by implementing the cybersecurity measures mentioned above. It’s the biggest service you can do for yourself or your business.