FFDroider, a recently discovered information stealer malware, steals credentials and cookies saved in web browsers in order to hijack targets’ Facebook, Instagram, and Twitter accounts.
Cybercriminals prize social media accounts, particularly verified ones, because they can use them for a variety of malicious purposes, such as cryptocurrency fraud and malware distribution. Verified accounts become even more appealing when they have access to the social media site’s advertising platform, since the stolen credentials can then be used to run malicious ads.
How Is FFDroider Spread?
According to a comprehensive technical analysis by security researchers at cloud security company Zscaler, the FFDroider info stealer, like most malware of its kind, is distributed through software cracks, free software, games, and other files obtained from torrent sites.
As explained by BleepingComputer, when these downloads are installed, FFDroider is installed alongside them, masquerading as the instant messaging application Telegram to avoid detection.
Once launched, the malware creates a Windows registry key called “FFDroider”, which is how the info stealer got its name.
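That registry key name is a usable host-based indicator. The following PowerShell hunt is an added example, not code from the Zscaler or BleepingComputer write-ups; because the article does not state the hive or parent path of the key, the search walks the SOFTWARE hives of HKLM and HKCU (an assumption), and the function name and parameters are hypothetical.

```powershell
# Added example: hunt a Windows host for a registry key named "FFDroider",
# the key name this article attributes to the malware.
# Assumption: the article gives no hive/path, so HKLM:\SOFTWARE and
# HKCU:\SOFTWARE are searched recursively; adjust -Roots to fit your telemetry.

function Find-FFDroiderRegistryArtifact {
    [CmdletBinding()]
    param(
        [string[]]$Roots   = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE'),
        [string]  $Pattern = 'FFDroider'   # key name stated in the article
    )

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Enumerate every subkey under the root. Access-denied errors on
        # protected keys are suppressed so one unreadable key does not
        # abort the whole hunt.
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like "*$Pattern*" } |
            ForEach-Object {
                [PSCustomObject]@{
                    Hive    = $root
                    KeyPath = $_.Name
                    Values  = ($_.GetValueNames() -join ', ')
                    Checked = Get-Date
                }
            }
    }
}

# Run from an elevated session so HKLM is fully readable.
$hits = Find-FFDroiderRegistryArtifact
if ($hits) {
    $hits | Format-Table -AutoSize
    Write-Warning 'Registry key matching the FFDroider name found; triage this host.'
} else {
    Write-Output 'No registry key named FFDroider found under the searched hives.'
}
```

A match is a reason to triage, not proof of infection on its own; confirm it against the process, file and network indicators from the Zscaler analysis.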
The attack cycle
The new malware is focusing on cookies and account credentials saved in Google Chrome (and Chrome-based browsers), Mozilla Firefox, Internet Explorer, and Microsoft