MalVirt Loader Distributes Formbook and XLoader with Unusual Levels of Obfuscation

Cybercriminals were found distributing virtualized .NET malware loaders, dubbed MalVirt, in a Google Ads-based malvertising campaign to install the Formbook stealer and XLoader. The hackers used KoiVM virtualization technology to obfuscate their implementation and execution in their campaigns. The malware has keylogging, credential stealing, and additional malware loading capabilities.