FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
2023-02-06 08:11

The shift to Google malvertising is the latest example of how crimeware actors are devising alternate delivery routes to distribute malware ever since Microsoft announced plans to block the execution of macros in Office by default from files downloaded from the internet.

NET applications for concealing its behavior and are tasked with distributing the FormBook malware family.

Besides incorporating anti-analysis and anti-detection techniques to evade execution within a virtual machine or an application sandbox environment, the loaders have been found to employ a modified version of KoiVM that packs in additional obfuscation layers in order to make deciphering even more challenging.

"As a response to Microsoft blocking Office macros by default in documents from the Internet, threat actors have turned to alternative malware distribution methods - most recently, malvertising," the researchers said.

"The MalVirt loaders demonstrate just how much effort threat actors are investing in evading detection and thwarting analysis."

The findings arrive two months after India-based K7 Security Labs detailed a phishing campaign that leverages a .NET loader to drop Remcos RAT and Agent Tesla by means of a KoiVM-virtualized binary.


News URL

https://thehackernews.com/2023/02/formbook-malware-spreads-via.html