{
  "family": "formbook",
  "sample_count": 35,
  "category": "infostealer",
  "description": "Formbook is an information-stealer family with 35 samples in ember 2018 that harvests credentials, cookies, autofill data, cryptocurrency wallets, and application data from infected systems. info-stealers are commonly delivered alongside ransomware as a precursor exfiltration step.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "category-templated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Formbook malware?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Formbook is a member of the infostealer category in the EMBER 2018 malware corpus. Like other infostealer samples it shares the behaviors typical of that class. Because precise family-specific reporting on Formbook is limited, this catalog only describes it at the category level rather than fabricating unverified details."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if Formbook is detected on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Do not attempt manual removal. Infostealer samples often establish persistence and may be part of a larger compromise. Isolate the affected system from the network and contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response."
      }
    }
  ],
  "faq_count": 2,
  "mitre_attack": [
    "T1566.001",
    "T1056.001",
    "T1555",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}