This article was originally published on ThreatChain — decentralized threat intelligence. Someone on your team opened an Excel file 10 minutes ago. Their browser passwords, email credentials, and keystrokes are already being sent to a server in Eastern Europe. A new Formbook sample was identified by threat intelligence feeds on 2026-04-25 17:43:11. This post breaks down what we know about the specific sample, how to recognize related activity on your network, and what to do if you or your organization might be affected. The Sample at a Glance Field Value SHA-256 db9f42884c1a7e89475cf33e639f3e98d88300615309de64aa2a7232a9823a2f File name 06EWFQ0K.ps1 File type ps1 Size 1.46 MB Origin (first observed) CL First seen 2026-04-25 17:43:11 Family Formbook Tags Formbook, ps1 VirusTotal detection 22/75 engines flagged malicious What Formbook Does Formbook is a credential-stealing trojan that hooks browser APIs to capture passwords, form submissions, and clipboard contents.…