A new malware FFDroider is hacking social media accounts by stealing browser data

The internet is a vast place that attracts people with both good and bad intentions. The people with bad intentions usually take the mantle of scammers or hackers who steal personal information. They use malware to get into people’s devices and online accounts.

This happened again recently with the appearance of malware named FFDroider, which steals the credentials and cookies that browsers store for websites and uses them to hack into people’s social media accounts. Verified accounts are the most at risk: because of their reach, they can be used to carry out cryptocurrency scams and to distribute malware. Hackers mostly target accounts that are verified and have ad access, which can be used to run inappropriate ads on the social media platform.

According to a detailed report from Zscaler, FFDroider, like most malware, is distributed through games, apps, free software and files that are downloaded from torrent sites. When the app or file is installed, the malware is installed along with it, disguised as the Telegram desktop app to avoid detection. When the malware is launched, Windows automatically creates a file with the name “FFDroider”, hence the name.

The research also found that this malware specifically targets cookies and credentials stored for websites in browsers including Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge. The malware reads the Chromium SQLite cookie store and decrypts the entries by misusing the Windows Crypt API function “CryptUnprotectData”. In the other browsers the procedure is the same, except that in Edge and Internet Explorer the thieves abuse functions such as InternetGetCookieRxW and IEGetProtectedModeCookie.
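Because this theft depends on a non-browser process opening the browsers' on-disk cookie and login stores, file-access telemetry can flag it. The following is an added example, not part of the Zscaler report or the original article: it assumes a hypothetical `time|process image|file opened` log format, default install paths, and constructed sample events, and it covers only the file-based stores (Chrome, Edge, Firefox), not the API-based cookie access described for Internet Explorer.

```python
import ntpath

# Browser data directory fragment -> path suffix of the only executable expected
# to open it. Default install locations (assumption); adjust for your fleet.
OWNERS = {
    r"\google\chrome\user data": r"\google\chrome\application\chrome.exe",
    r"\microsoft\edge\user data": r"\microsoft\edge\application\msedge.exe",
    r"\mozilla\firefox\profiles": r"\mozilla firefox\firefox.exe",
}
# Cookie and saved-login store file names used by these browsers.
STORE_FILES = {"cookies", "login data", "cookies.sqlite", "logins.json"}

def owner_for(target):
    """Return the expected owner suffix if target is a browser secret store, else None."""
    t = target.lower()
    if ntpath.basename(t) not in STORE_FILES:
        return None
    for marker, owner in OWNERS.items():
        if marker in t:
            return owner
    return None

def suspicious_reads(log_lines):
    """Return (time, image, target) for every store opened by a non-owner process."""
    hits = []
    for line in log_lines:
        time, image, target = line.strip().split("|", 2)
        owner = owner_for(target)
        # Compare the full image path, not just the file name, so a binary that
        # merely calls itself chrome.exe outside the install directory is flagged.
        if owner and not image.lower().endswith(owner):
            hits.append((time, image, target))
    return hits

# Constructed sample events (hypothetical format, user name, paths and timestamps).
SAMPLE = [
    r"2022-04-10T09:00:01|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"2022-04-10T09:02:17|C:\Users\a\Downloads\Telegram.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"2022-04-10T09:02:18|C:\Users\a\Downloads\Telegram.exe|C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\cookies.sqlite",
    r"2022-04-10T09:03:40|C:\Users\a\Downloads\chrome.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2022-04-10T09:05:00|C:\Windows\explorer.exe|C:\Users\a\Documents\notes.txt",
]

if __name__ == "__main__":
    for hit in suspicious_reads(SAMPLE):
        print("ALERT", *hit)
```

Backup and endpoint-protection agents also open these files, so a production rule needs an allowlist of those signed binaries before alerting.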

The developers who made this malware aren’t interested in stealing personal information stored in websites; they are more invested in stealing information such as passwords for social media accounts. They are stealing from apps including Twitter, Instagram, LinkedIn, Facebook, Amazon, eBay, and Etsy.

The purpose of this is to obtain valid cookies that can be used on these apps. Once it is authenticated with those cookies, FFDroider can get all information regarding credit cards, usernames, friend lists, addresses, etc.

In order to avoid being the next victim of such malware, we should take care not to download anything illegal or pirated and always check whether a file or app contains any sort of malware using VirusTotal.

