IDP Signatures
79622 MALWARE.XLOADER.FORMBOOK.INFECTION.A24
Back to list| Signature Id | 79622 |
| Name | MALWARE.XLOADER.FORMBOOK.INFECTION.A24 |
| Group | IPS MALWARE GENERAL |
| Issued | 2024-11-07 |
| Last Updated | 2024-11-07 |
| Description | The infection chain starts with a phishing email in Mozilla Thunderbird, which contains a malicious RAR file attachment with an .exe file that leads to the FormBook (XLoader) infostealer malware. FormBook steals sensitive data, including keystrokes, login credentials, and clipboard data, and can also download and execute additional malicious code. The malware can receive commands from attackers, allowing them to install other malware on the infected system, making it a significant threat to data security. |