SentinelOne Vs. FormBook Malware – Kill and Quarantine

Watch how SentinelOne kills and quarantines FormBook Malware. FormBook is a long-standing, highly-available malware with a focus on information discovery and theft. FormBook is known to date back to 2016 when it was initially offered in ‘underground’ cybercrime forums.

The initial focus was on pulling data from web forms within loaded web pages. It will typically achieve this by injecting a variety of system or well-known processes (msiexec.exe for example) FormBook is capable of interacting with clipboard contents, log keystrokes, siphon local credentials, and gather screen captures.

In addition, FormBook is capable of extracting personal information from local browser storage/cache. FormBook is typically delivered via phishing emails (containing the attached malware or a link to it).