FormBook / XLoader
Also known as: FormBook, XLoader
FormBook is a malware-as-a-service infostealer that grabs credentials from browsers and applications, logs keystrokes, and can download further payloads. Its successor XLoader extended the family to macOS, making it a cross-platform credential-theft threat.
What is FormBook?
FormBook is a widely sold infostealer that harvests credentials, captures keystrokes and clipboard data, takes screenshots, and can act as a downloader. It is offered cheaply as a service, contributing to its high prevalence in phishing campaigns.
The XLoader successor
XLoader evolved from FormBook and notably added macOS support, demonstrating how established Windows stealers expand to additional platforms to widen their victim pool.
VantaPrism covers cross-platform families like FormBook/XLoader, ensuring exposures are captured regardless of whether the victim ran Windows or macOS.
Frequently Asked Questions
What is the difference between FormBook and XLoader?
Related Terms
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A keylogger is malware or hardware that records a user's keystrokes to capture passwords, messages, and other sensiti…
Phishing is a social-engineering attack that deceives victims into revealing credentials or running malware, usually…
Malware-as-a-service (MaaS) is a criminal business model in which malware authors rent or sell their software, infras…