Formbook | Breaking Cybersecurity News | The Hacker News

Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published last week. The attack chain involves sending emails bearing subject lines like "Waiting for the signed document," "INvoice for Payment," or "Reconciliation Act for Signature," urging recipients to open an RR archive, within which there exists a Windows executable that masquerades as a PDF document (e.g., "Акт_сверки pdf 010.exe"). The messages, written in Russian or English, are sent from email addresses registered in the .ru, .by, and .kz top-level domains. The executable is an obfuscated .NET loader designed to launch a malicious DLL ("MechMatrix Pro.dll"), which subsequently...

A new Go-based malware loader called  JinxLoader  is being used by threat actors to deliver next-stage payloads such as  Formbook and its successor XLoader . The  disclosure  comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The malware pays homage to League of Legends character  Jinx , featuring the character on its ad poster and [command-and-control] login panel," Symantec  said . "JinxLoader's primary function is straightforward – loading malware." Unit 42  revealed  in late November 2023 that the malware service was  first advertised  on hackforums[.]net on April 30, 2023, for $60 a month, $120 a year, or for a lifetime fee of $200. The attacks begin with phishing emails impersonating Abu Dhabi National Oil Company (ADNOC), urging recipients to open password-protected RAR archive a...