New FFDroider malware hijacks social media accounts by stealing browser data / Digital Information World
The internet is a vast space that attracts people with good and bad intentions. The malicious ones are usually scammers or hackers who steal personal information. They use malware to gain access to users’ devices and online accounts.
The latest example is a piece of malware named FFDroider, which steals the credentials and cookies that browsers store for websites and uses them to hijack users’ social media accounts. Verified accounts are the most at risk. Because of their reach, they can be used to run cryptocurrency scams and to distribute malware. Hackers mostly go after accounts that are verified and have access to ads; ad access may be used to deliver inappropriate advertisements on the social media platform.
According to a detailed report by Zscaler, like most malware, FFDroider is distributed via games, apps, freeware and files downloaded from torrent sites. Once the app or file is installed, the malware will be installed as well, but it will be disguised as a Telegram desktop app to avoid detection. When the malware is launched, Windows automatically creates a file with the name “FFDroider”, hence the name.
The research also revealed that this malware specifically targets cookies and credentials stored for websites in browsers such as Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge. The malware reads the Chromium SQLite cookie store and decrypts the entries by misusing the “CryptUnprotectData” function of the Windows Crypt API. In the other browsers the procedure is the same, except that in Edge and Internet Explorer the thieves abuse functions such as InternetGetCookieExW and IEGetProtectedModeCookie.
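A defender's view of the behaviour described above, as an added example that is not from the article or the Zscaler report: it flags file-access events in which a process other than the installed browser opens a browser cookie or saved-login store. The event format, install directories and sample events are assumptions constructed for illustration.

```python
import ntpath  # parses Windows paths on any OS

# Well-known file names of browser cookie and saved-credential stores.
STORE_FILES = {"cookies", "login data", "cookies.sqlite", "logins.json"}
PROFILE_MARKERS = (r"\google\chrome\user data", r"\microsoft\edge\user data",
                   r"\mozilla\firefox\profiles")

# Assumed default install directories; adjust to the fleet being monitored.
TRUSTED_BROWSERS = {
    "chrome.exe": {r"c:\program files\google\chrome\application",
                   r"c:\program files (x86)\google\chrome\application"},
    "msedge.exe": {r"c:\program files (x86)\microsoft\edge\application"},
    "firefox.exe": {r"c:\program files\mozilla firefox"},
}

def is_browser_store(path):
    """True if path is a cookie/credential store inside a browser profile."""
    p = path.lower()
    return ntpath.basename(p) in STORE_FILES and any(m in p for m in PROFILE_MARKERS)

def is_trusted_browser(image):
    """True only if both the binary name and its directory match a known browser."""
    img = image.lower()
    return ntpath.dirname(img) in TRUSTED_BROWSERS.get(ntpath.basename(img), set())

def suspicious_reads(events):
    """Events where a non-browser image opened a browser cookie/credential store."""
    return [e for e in events
            if is_browser_store(e["file"]) and not is_trusted_browser(e["image"])]

# Constructed sample events (hypothetical users and paths).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "file": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\alice\Downloads\crack\Telegram.exe",
     "file": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\chrome.exe",
     "file": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\cookies.sqlite"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "file": r"C:\Users\alice\Documents\cookies"},
]

if __name__ == "__main__":
    for e in suspicious_reads(SAMPLE_EVENTS):
        print("ALERT:", e["image"], "->", e["file"])
```

Backup or security tools that legitimately read these files would need their own allowlist entry.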
The developers of this malware are not interested in stealing personal information stored on websites; they are more invested in stealing information such as passwords to social media accounts. They target sites such as Twitter, Instagram, LinkedIn, Facebook, Amazon, eBay and Etsy.
The aim is to obtain valid cookies that can be used on these sites. After authenticating with these cookies, FFDroider can obtain all information regarding credit cards, usernames, friend lists, addresses, etc.
To avoid becoming the next victim of this malware, we must be careful not to download anything illegal or pirated, and should always check whether a file or application contains malware using VirusTotal.