FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal


Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444.

By: Aliakbar Zahravi, Kamlapati Choubey, Peter Girnus, William Gamazo Sanchez (September 29, 2021)

Trend Micro detected a new campaign using a recent version of the known FormBook malware, an infostealer that has been around since 2016. Several analyses have been written about FormBook in the last few years, including the expanded support for macOS. FormBook is known for highly obfuscated payloads and for exploiting document vulnerabilities (CVEs). Until recently, FormBook mostly exploited CVE-2017-0199, but newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444.

Exploit description

FormBook authors did some rewrites on the original exploit, taking as their initial codebase the one that we and Microsoft observed as deploying Cobalt Strike beacons. The exploited vulnerability is CVE-2021-40444. However, since the vulnerability itself has been analyzed already, here we focus on describing some of

Read More: https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html