Infostealer Malware FormBook Spread via Phishing Campaign – Part I
ID: 61610583-cd06-56c0-99ef-62b62936ce85
STIX ID: report--61610583-cd06-56c0-99ef-62b62936ce85
Feed Name: Fortinet Blog
Fortinet FortiGuard Labs analyzed a phishing campaign that delivered a malicious Word document exploiting CVE-2017-11882 to execute a 64-bit DLL (disguised as AdobeID.pdf). The DLL establishes persistence, downloads an encrypted FormBook payload disguised as a PNG, decrypts it in memory, and deploys it via fileless process hollowing into ImagingDevices.exe. The report includes detailed TTPs and IOCs (download URL and SHA-256 hashes).
