FormBook Malware

 

 

A file-hosting service registered within the last week is being used to spread information-stealing malware in another FormBook campaign, currently attacking retail and hospitality businesses both within and outside of the US, according to Deep Instinct.

Though FormBook has been around since approximately 2016, this newest version is being discussed and shared in underground hacking forums as a recommended service for hosting and serving malware.

The campaign uses rich text format (RTF) documents and leverages recent Word vulnerabilities as droppers, likely because these are often missed by typical security solutions, according to Deep Instinct. Once the payload is dropped and executed, it will copy itself, then proceed to scan the system for stored passwords in browsers and various other applications before sending the stolen information back.

In addition, the malware takes a screenshot of the victim’s desktop, along with monitoring all browsers for user-typed passwords, stealing those as well. It will also act as a keylogger and maintain a log of the user’s keystrokes.

Source: Infosecurity

How do you protect yourself?

Proper security measures must be in place to defend against FormBook malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
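A triage check for the RTF delivery stage described above, as an added example that is not from Deep Instinct or the original article. It assumes the dropper carries its payload as an embedded object (the article does not say how); the function name and both sample documents are constructed for illustration.

```python
import re

OLE2_MAGIC = "d0cf11e0a1b11ae1"  # OLE2 compound-file signature, as hex text
OBJ_WORDS = (b"object", b"objdata", b"objemb", b"objupdate", b"objautlink")

def triage_rtf(data: bytes) -> dict:
    """Flag RTF control words and hex data that indicate an embedded object."""
    # Word is known to open files whose header is truncated to "{\rt",
    # so the check does not insist on a full "{\rtf1".
    is_rtf = data.lstrip()[:4] == b"{\\rt"
    words = {w.decode() for w in OBJ_WORDS
             if re.search(rb"\\" + w + rb"(?![a-z])", data)}
    ole2 = False
    # Simplification: read \objdata up to the first "}", so hex data split
    # across nested groups is not reassembled.
    for m in re.finditer(rb"\\objdata([^}]*)", data):
        body = re.sub(rb"\\[a-z]+-?\d* ?", b"", m.group(1))  # drop control words
        hexstr = re.sub(rb"[^0-9a-fA-F]", b"", body).decode().lower()
        if OLE2_MAGIC in hexstr:
            ole2 = True
    return {
        "is_rtf": is_rtf,
        "object_words": sorted(words),
        "ole2_payload": ole2,
        # \objupdate forces the object to load without user interaction.
        "suspicious": is_rtf and ("objupdate" in words or ole2),
    }

# Constructed samples: a plain document, and one with an embedded-object
# group whose hex data is broken up by whitespace (header bytes only).
BENIGN = rb"{\rtf1\ansi\deff0 {\fonttbl{\f0 Arial;}}\f0 Quarterly report}"
EMBEDDED = (rb"{\rt{\object\objemb\objupdate{\*\objdata 01050000 02000000 "
            rb"d0cf 11e0" + b"\n" + rb" a1b1 1ae1 0000}}}")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("embedded", EMBEDDED)):
        print(name, triage_rtf(doc))
```

A hit is a reason to route the attachment to sandboxing or manual review, not a verdict: legitimate documents also embed objects.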

 

CVE-2018-18500

 

 

Mozilla released security updates for vulnerabilities found in Firefox, Thunderbird and Firefox ESR. One of the fixed issues is a use-after-free vulnerability that can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.

Source: Mozilla 

How do you protect yourself?

Update to Firefox 65.

 

Matrix Ransomware

 

 

The Matrix authors initially used the RIG exploit kit to mass-distribute their ransomware in its early days, in 2016 and 2017. Since early 2018, the ransomware has been spread exclusively in attacks against carefully selected high-value targets, usually by taking advantage of unprotected RDP (Remote Desktop Protocol) endpoints.

In this, the Matrix gang followed a trend in the ransomware world, where email or exploit kit-based mass distribution campaigns died off in 2018, giving way to operations that preferred to go after individual targets in solitary attacks exploiting RDP.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Matrix ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.