FormBook - What it is, how it steals data, and how to remove it safely

FormBook

What it is

FormBook is spyware for Windows that sneaks onto a PC to steal files and data. It can log what you type, grab passwords and cookies from browsers, and take screenshots, then send everything back to the attacker. Details and IOCs: see our FormBook explainer.

What you may notice

  • Sudden logouts or new MFA prompts you didn’t start

  • Unknown browser extensions or odd redirects

  • Network spikes after opening an email or installer

  • Apps crash or settings change without reason

How it gets in

  • Phishing emails with booby-trapped attachments

  • Fake updates and bundled “free” installers

  • Malvertising and shady download sites

Remove it now - quick steps

  1. Disconnect from the internet and avoid banking or email on the infected device.

  2. Run a full anti-malware scan, quarantine findings, reboot, then scan again.

  3. From a clean device, change passwords and enable MFA.

  4. Review startup items, scheduled tasks, and extensions - remove unknowns.

  5. Move any crypto to new wallets with fresh seed phrases.
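
The review in step 4 can be done in one pass with a read-only PowerShell inventory. This is an added example, not a tool from this page's publisher; it assumes Chrome and Edge with their default profile folders, and it only lists entries so you can decide what is unknown.

```powershell
# Read-only inventory for step 4 (added example). It lists entries; it never deletes or changes them.
# Registry autoruns: per-machine and per-user Run / RunOnce keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
    }
}

# Startup folders: current user and all users. Empty paths are dropped before listing.
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$startupFiles = $startupDirs | Get-ChildItem -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, LastWriteTime

# Scheduled tasks outside the built-in \Microsoft\ tree, one row per program a task runs.
# The path filter only cuts noise; it is not a trust decision. Remove it for a full list.
$tasks = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $t = $_
    foreach ($action in $t.Actions) {
        [pscustomobject]@{
            Task    = $t.TaskPath + $t.TaskName
            Command = "$($action.Execute) $($action.Arguments)".Trim()
            State   = $t.State
        }
    }
}

# Browser extensions (assumed default-profile paths); each folder name is an extension ID.
$extDirs = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Extensions"
) | Where-Object { Test-Path $_ }
$extensions = foreach ($dir in $extDirs) {
    Get-ChildItem -Path $dir -Directory | Select-Object @{n='Profile';e={$dir}}, Name, CreationTime
}

# Print each list; newest extensions first, since recent additions are the ones to question.
$autoruns     | Format-Table -AutoSize -Wrap
$startupFiles | Format-Table -AutoSize -Wrap
$tasks        | Sort-Object Task | Format-Table -AutoSize -Wrap
$extensions   | Sort-Object CreationTime -Descending | Format-Table -AutoSize
```

Compare each row against software you knowingly installed; anything you cannot account for is a candidate for removal in step 4.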

Prevent it

  • Install software only from official sources - avoid cracks and repacks.

  • Keep Windows, browsers, and plugins updated.

  • Use reputable EDR/anti-malware plus email/web filtering.

  • Be cautious with attachments - block macros by default and preview links before clicking.
