[QuickNote] Examining Formbook Campaign via Phishing Emails

1. Initial foothold

The attacker sent an email with an attachment named “brochure-for-2023-elite-events.rar”. This rar file contains only one lnk (shortcut) file named: brochure-for-2023-elite-events.pdf.lnk. If the user does not pay attention and extracts the file, it will be displayed as a PDF icon like the following:

(more…)