
SentinelOne Vs. FormBook Malware – Mitigation and Rollback

Watch how SentinelOne mitigates FormBook Malware – a long-standing, highly available malware focusing on information discovery and theft. FormBook is known to date back to 2016 when it was initially offered in ‘underground’ cybercrime forums.

The initial focus was on pulling data from web forms within loaded web pages. It typically achieves this by injecting into a variety of system or well-known processes (msiexec.exe, for example). FormBook is also capable of interacting with clipboard contents, logging keystrokes, siphoning local credentials, and gathering screen captures.

In addition, FormBook is capable of extracting personal information from local browser storage/cache. FormBook is typically delivered via phishing emails (containing the attached malware or a link to it).
