IDP Signatures
79526 MALWARE.XLOADER.FORMBOOK.INFECTION.A3
Signature Id | 79526 |
Name | MALWARE.XLOADER.FORMBOOK.INFECTION.A3 |
Group | IPS MALWARE GENERAL |
Issued | 2024-09-04 |
Last Updated | 2024-09-04 |
Description | The infection chain starts with a phishing email in Mozilla Thunderbird that carries a malicious RAR attachment containing an .exe file, which leads to the FormBook (XLoader) infostealer malware. FormBook steals sensitive data, including keystrokes, login credentials, and clipboard data, and can also download and execute additional malicious code. The malware can receive commands from attackers, allowing them to install other malware on the infected system, which makes it a significant threat to data security. |