FormBook Malware

Researchers at Menlo Security recently uncovered a new campaign targeting the financial and information service sectors in the US and the Middle East. The campaign delivers FormBook to targets via emails carrying Microsoft Word attachments and does not require the recipient to enable macros before malicious activity begins. It evades security controls because the malicious component is hosted on a remote server, while the document delivered to victims contains no active malicious code or shellcode. The malware exploits CVE-2017-8570, a vulnerability in Microsoft Office that allows code execution without enabling macros, and it also abuses design flaws in the .docx and RTF document formats. Microsoft patched this vulnerability in July of 2017. The NJCCIC recommends that users and administrators ensure all Microsoft Office products are up to date with the latest patches.
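A defender-side check that fits the delivery method described above, added here as an example and not code from Menlo Security or the NJCCIC: it opens a .docx package, reads every relationship part, and flags entries marked TargetMode="External" whose type makes Word load content (rather than a plain hyperlink) and whose target is an http(s) URL. The set of risky relationship types and the in-memory sample document are assumptions constructed for the example; the advisory does not state how the remote component is referenced.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Relationship types that cause Word to fetch and load content, unlike a hyperlink.
# Treating exactly these as risky is an assumption of this example, not the advisory.
RISKY_TYPES = {"oleObject", "attachedTemplate", "frame", "subDocument"}


def external_relationships(docx_bytes: bytes):
    """List (rels part, relationship type, target) for every TargetMode="External" entry."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("TargetMode", "Internal").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]  # short type name
                found.append((name, rel_type, rel.get("Target", "")))
    return found


def suspicious_remote_objects(docx_bytes: bytes):
    """Keep only external entries of a risky type whose target is an http(s) URL."""
    return [
        f for f in external_relationships(docx_bytes)
        if f[1] in RISKY_TYPES and f[2].lower().startswith(("http://", "https://"))
    ]


def build_sample_docx() -> bytes:
    """Constructed sample: a benign hyperlink, an internal image, and a remote OLE object."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
        'relationships/hyperlink" Target="https://example.com/" TargetMode="External"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
        'relationships/image" Target="media/image1.png"/>'
        '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
        'relationships/oleObject" Target="http://staging.example.invalid/obj" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")  # body content is irrelevant here
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for part, rel_type, target in suspicious_remote_objects(build_sample_docx()):
        print(f"{part}: {rel_type} -> {target}")
```

Hyperlinks are external by design and are deliberately not flagged; a real scan should run over every .rels part, as this code does, because embedded objects are also referenced from header, footer and other parts.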