FormBook stealer: Data theft made easy
The FormBook information-stealing malware, being advertised as providing an "extensive and powerful internet monitoring experience", has clearly caught the eye of threat actors since its debut on underground forums in 2016. Due to its low price, it is easily accessible to threat actors of all sophistication for use in campaigns of varying complexity and shows no signs of slowing down. The malware provides a variety of data theft capabilities such as stealing stored passwords from local applications, recording user keystrokes, browsing and interacting with files on the infected host, taking screenshots, and more. Although the information stealing functionality seems rather standard, the measures FormBook takes to avoid analysis makes this malware family difficult to detect and analyze, making the stealer all the more appealing to malicious actors looking for a new take on an old threat.