FFDroider Malware Steals Social Media and eCommerce Credentials
The FFDroider Malware, despite its name, is not a threat targeting Android devices. Instead, it is entirely focused on infiltrating Windows machines and then concealing its malicious activities in the background. The malware appears to be delivered through fake downloads, game cracks, software activators, and even pirated media. The goal of the criminals is to infect as many machines as possible, and then use the FFDroider Malware to exfiltrate sensitive data from them.
The FFDroider Malware has features typical of an information stealer. It is able to steal information from Web browsers, email clients, and various other applications. Once installed, it may mask its files as an installation of the Telegram desktop application. What is peculiar is that the FFDroider Malware operators appear to be selective about the type of information they steal from Web browsers.
Often, information stealers target all sorts of logins, but the FFDroider Malware sticks to social media and e-commerce. The malware scans for logins related to Facebook, Amazon, Instagram, Twitter, and similar websites. Surprisingly, it also attempts to steal data related to the WAX Cloud wallet.
If the FFDroider Malware manages to penetrate a Facebook account's security, it will exfiltrate information about the user's friends, payment information (using Facebook Ads) and more. Another notable feature of the FFDroider Malware is its ability to introduce additional payloads to infected machines. While none of the secondary malware families have been identified yet, FFDroider's ability to function as a Trojan Downloader makes it a much more potent threat. Users can stay safe from the FFDroider Malware attacks by utilizing reputable anti-malware services and software.