FormBook is an infostealer trojan that has been sold as a PHP control panel on an underground hacking forum since mid-July 2017. Users can rent FormBook for $29 per week, $59 per month, or $99 for three months, or they can purchase it outright for a one-time fee of $299. The panel lets the user choose the malware's settings and active features and generate a sample of the malware.

FormBook features include:

  • Keystroke logging
  • Clipboard monitoring
  • HTTP/HTTPS/SPDY/HTTP2 form and network request grabbing
  • Browser and email client password grabbing
  • Capturing screenshots
  • Bot updating
  • Downloading and executing files
  • Bot removing
  • Launching commands via ShellExecute
  • Clearing browser cookies
  • Rebooting the system
  • Shutting down the system
  • Downloading and unpacking ZIP archives


October 2017: Several high-volume campaigns are spreading the FormBook malware, specifically targeting the Aerospace, Defense Contractor, and Manufacturing sectors in the United States and South Korea. (FireEye)