FormBook

FormBook is an infostealer trojan sold as a PHP control panel on an underground hacking forum since mid-July 2017. Users can rent FormBook for $29 per week, $59 per month, or $99 for three months or they can purchase it by paying a one-time fee of $299. The panel allows the user to choose the malware's settings and active features as well as generate a sample of the malware.

FormBook features include:

Keystroke logging
Clipboard monitoring
HTTP/HTTPS/SPDY/HTTP2 form and network request grabbing
Browser and email client password grabbing
Capturing screenshots
Bot updating
Downloading and executing files
Bot removing
Launching commands via ShellExecute
Clear browser cookies
Reboot the system
Shutdown the system
Download and unpack ZIP archive

Reporting

October 2017: Several high-volume campaigns are spreading the FormBook malware, specifically targeting the Aerospace, Defense Contractor, and Manufacturing sectors in the United States and South Korea. (FireEye)

FormBook advertisement. Image Source: FireEye

Trojan VariantsNJCCICOctober 10, 2017formbook

FormBook

NJ CYBERSECURITY & COMMUNICATIONS INTEGRATION CELL

PO Box 091

Trenton, NJ 08625

CONTACT US

Email: njccic@cyber.nj.gov

Phone: 609.963.6900 x 7865