Form grabber

(also form grabbing)

Form grabber definition

A form grabber is a type of malware specifically designed to steal information that users enter into web forms in their browsers. A form-grabbing attack involves several key steps that let attackers intercept and steal sensitive data without being noticed:

  • The first step is infection. It can happen through all the traditional methods: phishing emails, malicious downloads, or compromised websites. Once a user unknowingly executes the malicious code, the form grabber installs itself on the user's device.
  • After installation, the form grabber targets the web browser(s) on the infected device. It uses a hooking technique to intercept the browser's function calls. Hooking allows the malware to insert itself into the communication pathway between the browser and the operating system. When the browser attempts to send or receive data, the form grabber can capture this data before it's encrypted for transmission over the internet.
  • As users interact with websites and enter data such as usernames, passwords, credit card details, and other personal information into forms, the form grabber steals all of it in real time. It can capture data from any form field before it is sent to the web server.
  • After stealing the desired information, the form grabber sends it to a remote server controlled by the attacker. It often encrypts the stolen data to avoid detection during its transmission out of the infected device.

Form grabbers are designed to operate discreetly to avoid detection by antivirus and anti-malware programs. They may use various methods to hide their presence, including masquerading as legitimate software processes, modifying system files to avoid removal, and using encryption to hide their network traffic.
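The hooking step described above can be checked for from the defender's side. This added example (not part of the original glossary entry) compares a function's first bytes as stored on disk with the bytes loaded in memory and flags common x86-64 redirect sequences; the sample bytes and the export names are constructed placeholders.

```python
import struct

# Byte sequences commonly used to redirect a function's first instruction.
REDIRECTS = [
    (b"\xe9", 5, "jmp rel32"),
    (b"\xff\x25", 6, "jmp [mem]"),
    (b"\x48\xb8", 12, "mov rax, imm64 ; jmp rax"),
    (b"\x68", 6, "push imm32 ; ret"),
]

def classify(disk, mem):
    """Return None if the prologue is unchanged, else a short description."""
    if mem == disk:
        return None  # also covers legitimate jump thunks present on disk
    for prefix, length, name in REDIRECTS:
        if not mem.startswith(prefix) or len(mem) < length:
            continue
        if prefix == b"\x48\xb8" and mem[10:12] != b"\xff\xe0":
            continue  # mov rax without the trailing jmp rax
        if prefix == b"\x68" and mem[5:6] != b"\xc3":
            continue  # push without the trailing ret
        if name == "jmp rel32":
            rel = struct.unpack_from("<i", mem, 1)[0]
            return f"{name} (displacement {rel:+#x})"
        return name
    return "modified, no known redirect pattern"

def scan(samples):
    """samples: {name: (bytes_on_disk, bytes_in_memory)} -> {name: finding}"""
    findings = {}
    for name, (disk, mem) in samples.items():
        result = classify(disk, mem)
        if result is not None:
            findings[name] = result
    return findings

# Constructed sample data; the export names are placeholders.
CLEAN = bytes.fromhex("48895c2408574883ec20488bd9")  # ordinary x64 prologue
SAMPLES = {
    "export_a": (CLEAN, CLEAN),
    "export_b": (CLEAN, bytes.fromhex("e945230100") + CLEAN[5:]),
    "export_c": (CLEAN, b"\x48\xb8" + bytes(8) + b"\xff\xe0" + CLEAN[12:]),
    "export_d": (CLEAN, b"\x90" + CLEAN[1:]),
}

if __name__ == "__main__":
    for name, finding in scan(SAMPLES).items():
        print(f"{name}: {finding}")
```

Security products and accessibility tools also hook browser functions, so a finding is a lead to investigate rather than a verdict.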

See also: stealth virus