This article was originally published on ThreatChain — decentralized threat intelligence. Someone on your team opened an Excel file 10 minutes ago. Their browser passwords, email credentials, and keystrokes are already being sent to a server in Eastern Europe. A new Formbook sample was identified by threat intelligence feeds on 2026-05-06 09:07:33. This post breaks down what we know about the specific sample, how to recognize related activity on your network, and what to do if you or your organization might be affected. The Sample at a Glance Field Value SHA-256 ead0a612c58e858cabd1248aca1ee32fa8d5e5a290bda6771bdc53e500140b12 File name Purchase Order 350088.exe File type exe Size 1.12 MB Origin (first observed) DE First seen 2026-05-06 09:07:33 Family Formbook Tags exe, Formbook VirusTotal detection 29/74 engines flagged malicious What Formbook Does Formbook is a credential-stealing trojan that hooks browser APIs to capture passwords, form submissions, and clipboard contents.…