Intel Name: Infostealer malware FormBook spread via phishing campaign – Part II
Date of Scan: May 28, 2025
Impact: High
Summary: We detailed the campaign’s launch through a phishing email that exploited the CVE-2017-11882 vulnerability to run a 64-bit DLL. This DLL then downloaded and decrypted a FormBook variant concealed in a fake PNG file. Finally, we explained how the DLL used process hollowing to inject the FormBook payload into ImagingDevices.exe and execute it.