FFDroider, an information-stealing malware, creates havoc

Nwachukwu Glory Last updated: April 12, 2022
FFDroider malware (image: Alamy)
  • FFDroider is an information-stealing malware that poses as legitimate software.
  • The malware installs itself on Windows through a Windows Registry key named FFDroider, which is where the name comes from.
  • It steals credentials and cookies that web browsers hold for major platforms such as Facebook, Twitter, Instagram, eBay, and others.

It isn’t easy to remain completely private on the internet, because cybercriminals constantly improve their tools and tactics for stealing users’ information. Tools such as keyloggers and other malware let them gather small scraps of seemingly negligible information until, combined, those scraps become useful. That’s why cases of data breaches, doxing, phishing emails, malware infections, and the like never seem to stop.

Recently, Zscaler ThreatLabz researchers discovered one of the latest tools that help criminals steal information on the internet. FFDroider, an info-stealer, harvests cookies and saved credentials from web browsers. Then, quietly, it uses them to take control of the victim’s social media accounts and steal information.

Activities of FFDroider

FFDroider is an information-stealing malware. Its developers designed it to search browser cookie stores and saved account credentials. It does this across several browsers, including Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Edge.

It spreads through several channels, such as software cracks, games, and free software, and it can infect a target who downloads files from torrent (P2P) sites. According to the researchers, once a user runs an infected download, FFDroider hijacks their social media accounts. The unsettling part is that the malware masquerades as a Telegram desktop application and can completely fool the user.

The malware’s attack cycle (Infographic credit: Zscaler)

The cybercriminals behind this malware have used it against accounts on Facebook, Instagram, eBay, Amazon, Etsy, Twitter, and WAX Cloud Wallet. According to the researchers, the criminals steal credentials in order to log in to these platforms as the victim. They then use the hijacked accounts to run fraudulent ad campaigns that push the malware to further unsuspecting internet users.

Any user who downloads and runs such a file becomes infected. The malware then installs itself on the host through a Windows Registry key named FFDroider (hence the name), which lets it sit on the machine without drawing attention.

Once it is established on the host, the malware gets to work collecting credentials and cookies for the targeted social media and shopping platforms. FFDroider then uses the details it gathered to access the victim’s accounts. Finally, it sends all stolen details to the cybercriminals’ command and control (C2) server.
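To make concrete what "collecting cookies" means, here is an added example (written for this article, not code from FFDroider or from Zscaler’s analysis) that enumerates the session cookies an info-stealer would go after in a Chrome-style cookie store. It builds a constructed SQLite database using a trimmed-down version of Chrome’s `cookies` table (the real table has more columns), then lists the unexpired cookies for the platforms the article names. The same enumeration is what an incident responder uses to decide which sessions to invalidate after an infection. The domain list, the sample rows, and the function names are assumptions made for this example.

```python
import os
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone

# Platforms the article lists among FFDroider's targets (assumed list for this example).
TARGET_DOMAINS = ("facebook.com", "instagram.com", "twitter.com",
                  "amazon.com", "ebay.com", "etsy.com")

# Chrome stores timestamps as microseconds since 1601-01-01 UTC.
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def chrome_time(dt):
    return int((dt - CHROME_EPOCH) / timedelta(microseconds=1))


def from_chrome_time(ts):
    return CHROME_EPOCH + timedelta(microseconds=ts)


def build_sample_cookie_db(path, now):
    """Write a constructed cookie store using a trimmed-down version of Chrome's
    'cookies' table. Every row here is made up for this example."""
    year = timedelta(days=365)
    rows = [
        # host_key, name, value, encrypted_value, expires_utc, is_secure, is_httponly
        (".facebook.com", "c_user", "100012345678", b"", chrome_time(now + year), 1, 1),
        (".facebook.com", "xs", "", b"v10" + b"\x00" * 28, chrome_time(now + year), 1, 1),
        (".twitter.com", "auth_token", "deadbeefcafe", b"", chrome_time(now + timedelta(days=30)), 1, 1),
        (".ebay.com", "dp1", "stale", b"", chrome_time(now - timedelta(days=1)), 1, 0),  # expired
        (".instagram.com", "sessionid", "1234%3Aabcd", b"", 0, 1, 1),  # session cookie, no expiry
        (".example.org", "theme", "dark", b"", chrome_time(now + year), 0, 0),  # not a target
    ]
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE cookies (
               host_key TEXT NOT NULL, name TEXT NOT NULL, value TEXT NOT NULL,
               encrypted_value BLOB NOT NULL, expires_utc INTEGER NOT NULL,
               is_secure INTEGER NOT NULL, is_httponly INTEGER NOT NULL)"""
    )
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?,?)", rows)
    conn.commit()
    conn.close()


def domain_matches(host_key, targets):
    """Match a cookie's host_key (e.g. '.www.facebook.com') against the target
    domains without being fooled by look-alikes such as 'facebook.com.evil.net'."""
    host = host_key.lstrip(".")
    return any(host == t or host.endswith("." + t) for t in targets)


def harvest_targets(db_path, now, targets=TARGET_DOMAINS):
    """Enumerate the unexpired cookies for the target domains: the set a stealer
    goes after, and the set a responder must invalidate after an infection.
    Values are not decrypted: on a real Windows profile 'encrypted_value' is
    protected with DPAPI (or AES-GCM under a DPAPI-wrapped key), which is why a
    stealer has to run inside the victim's own logged-in session."""
    conn = sqlite3.connect(db_path)
    cur = conn.execute(
        "SELECT host_key, name, value, encrypted_value, expires_utc, "
        "is_secure, is_httponly FROM cookies ORDER BY host_key, name")
    found = []
    for host_key, name, value, enc, expires_utc, secure, httponly in cur:
        if not domain_matches(host_key, targets):
            continue
        if expires_utc and from_chrome_time(expires_utc) < now:
            continue  # already expired, useless to an attacker
        found.append({
            "host": host_key,
            "name": name,
            "encrypted": len(enc) > 0,
            "value": value if not enc else None,  # None = needs the user's DPAPI key
            "expires": from_chrome_time(expires_utc).isoformat() if expires_utc else "session",
            "http_only": bool(httponly),
        })
    conn.close()
    return found


def demo():
    """Build the constructed store in a temp directory and harvest it."""
    now = datetime(2022, 4, 12, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "Cookies")
        build_sample_cookie_db(db, now)
        return harvest_targets(db, now)


if __name__ == "__main__":
    for cookie in demo():
        print(cookie)
```

Two points worth noticing: `HttpOnly` protects a cookie from page scripts, not from malware reading the store on disk, so every session cookie in the list is exposed the moment a stealer runs as the user; and the expired eBay row is skipped because a stolen cookie is only worth as much as its remaining lifetime, which is why logging out everywhere (invalidating server-side sessions) is the right response, not just clearing the browser.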

About information stealer

An information stealer is a malicious program that can look like any other app on your device. Its job is to collect data. It typically establishes itself on Windows by registering in the Windows Registry, so that it survives reboots, and it can stay on a device for a long time without being obvious.

According to Zscaler, stealers are one of the ways cybercriminals successfully gather the information they need to carry out further attacks. With this type of malicious tool in circulation, it is clear that internet users should be more privacy-conscious.

One way to do that is to use a web browser that clears out risky cookies and keeps your sessions short-lived. But, most importantly, internet users should be careful about the software they download, especially from unclear sources such as torrent sites and "cracked" software.

Additionally, it is worth encrypting your connection with a reliable VPN to enhance your privacy online. And of course, remember to keep your antivirus on at all times.


About the Author

Nwachukwu Glory

Nwachukwu Glory is a writer, blogger, and tech nerd. She loves trying new gadgets that make life more fun (and easier). Glory is passionate about digital security and privacy alongside browsing the World Wide Web without any limitations.
