Infostealer

FormBook

aka XLoader (successor)

A cheap, long-running malware-as-a-service infostealer and form-grabber, later rebranded and expanded cross-platform as XLoader.

FormBook is a low-cost infostealer and form-grabber sold as a service since 2016. Despite its age it remains one of the most common strains in phishing campaigns, prized for cheap subscriptions, heavy obfuscation, and a stealthy injection technique that hides in legitimate processes.

Capabilities

FormBook grabs data from web forms and browsers, logs keystrokes and the clipboard, and captures screenshots, exfiltrating the harvested data to its command-and-control panel. Its function hashing and encrypted strings make static analysis painful.

XLoader

In 2020 the operators rebranded an evolved build as XLoader, adding macOS support and selling it more broadly — a rare cross-platform commodity stealer. Campaigns are tracked on Cyber Breaches; an unpacking guide lives on the Reverse Engineering Hub.

Defense

Block executable email attachments, enforce MFA, and alert on process-injection behaviour and stealer C2.