In the ever-evolving landscape of cyber threats, a new menace dubbed “Missing Invoice” has surfaced, exploiting a deceptive email campaign. Crafted by cybercriminals, this campaign aims to trick unsuspecting users into compromising their computers. Disguised as a notification regarding a missing invoice, the email harbors a malicious attachment that injects the notorious Formbook malware into systems, leading to potential data theft, system compromise, and more.
Actions and Consequences
The “Missing Invoice” malspam campaign employs a clever social engineering tactic, leveraging urgency and the pretext of a missing invoice to manipulate recipients. The email insists on immediate attention, urging users to open an attached Word document claiming to contain details about the purported missing invoice. Upon opening the attachment, unsuspecting victims unknowingly install Formbook, a multifaceted malware capable of data exfiltration, remote command execution, and other malicious activities.
Formbook, categorized as a Trojan, password-stealing virus, banking malware, and spyware, is the malicious payload delivered by the “Missing Invoice” campaign. Once installed, Formbook operates stealthily, recording keystrokes, capturing screenshots, and extracting various sensitive data such as login credentials and banking information. Beyond data gathering, Formbook enables remote command execution, providing cybercriminals with control over infected systems, leading to potential system corruption and additional high-risk infections.
Detection Names
- Avast: RTF:Obfuscated-gen [Trj]
- Combo Cleaner: Trojan.GenericKD.71008195
- Emsisoft: Trojan.GenericKD.71008195 (B)
- Kaspersky: HEUR:Exploit.MSOffice.CVE-2018-0802.gen
- Microsoft: Exploit:O97M/CVE-2017-11882.RVCF
- (VirusTotal): Full List Of Detections
Similar Threats
This “Missing Invoice” campaign shares characteristics with other malware distribution tactics. Some similar threats include:
- Trojan variants: Infamous for stealthy infiltration and silent operation.
- Password-stealing viruses: Targeting sensitive login credentials and personal information.
- Banking malware: Focused on financial data theft.
- Spyware: Gathering information through covert surveillance.
Removal Guide
- Identify Suspicious Emails:
- Be cautious of unexpected emails, especially those urging immediate action.
- Scrutinize sender details and email content for inconsistencies.
- Avoid Opening Unknown Attachments:
- Refrain from opening attachments from unfamiliar or unexpected sources.
- Verify the legitimacy of emails before interacting with attachments.
- Use Updated Security Software: Employ reputable anti-virus and anti-malware tools with updated definitions.
Best Practices for Prevention:
- Stay Informed: Keep abreast of current cyber threats and tactics used by malicious actors. Educate employees and users about the latest cybersecurity risks.
- Implement Email Filtering: Employ email filtering tools to detect and block phishing emails. Configure filters to identify and quarantine suspicious attachments.
- Regularly Update Software: Ensure that operating systems and software are updated regularly to patch vulnerabilities. Apply security patches promptly to mitigate potential exploitation.
- Backup Critical Data: Regularly backup important files and data to mitigate the impact of potential infections. Store backups in secure, isolated locations.
- Use Multi-Factor Authentication (MFA): Enable MFA to add an extra layer of security, especially for sensitive accounts. MFA helps protect against unauthorized access even if credentials are compromised.
Conclusion
The “Missing Invoice” Formbook malware campaign underscores the evolving sophistication of cyber threats. Vigilance, user education, and proactive security measures are critical in mitigating the risks associated with such deceptive tactics. By staying informed and implementing robust security practices, users can fortify their defenses against evolving cyber threats.
