FormBook
FormBook is an infostealer trojan sold as a PHP control panel on an underground hacking forum since mid-July 2017. Users can rent FormBook for $29 per week, $59 per month, or $99 for three months, or they can purchase it by paying a one-time fee of $299. The panel allows the user to choose the malware's settings and active features as well as generate a sample of the malware.
FormBook features include:
- Keystroke logging
- Clipboard monitoring
- HTTP/HTTPS/SPDY/HTTP2 form and network request grabbing
- Browser and email client password grabbing
- Capturing screenshots
- Bot updating
- Downloading and executing files
- Bot removing
- Launching commands via ShellExecute
- Clearing browser cookies
- Rebooting the system
- Shutting down the system
- Downloading and unpacking a ZIP archive
Reporting
October 2017: Several high-volume campaigns are spreading the FormBook malware, specifically targeting the aerospace, defense contractor, and manufacturing sectors in the United States and South Korea. (FireEye)