Cybersecurity researchers at Zscaler are warning about malware dubbed FFDroider that is designed to steal usernames and passwords, along with cookies from infected Windows computers.
FFDroider is mainly focused on stealing login credentials for social media websites, including Facebook, Instagram and Twitter, but it also steals passwords for Amazon, eBay and Etsy accounts. The malware can steal cookies from Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge browsers.
The information stolen by the trojan malware can be used to take control of accounts, steal personal information, commit fraud against victims, and could also provide attackers with a means of hacking other accounts if the same email and password is used to access them.
Zscaler said it has observed “multiple” campaigns related to FFDroider, which are all connected to a malicious program embedded in cracked version of installers and freeware.
SEE: A winning strategy for cybersecurity (ZDNet special report)
To avoid being detected after installation, the malware disguises itself as messenger application Telegram – although users who aren’t Telegram users might wonder why folders claiming to be that app have appeared.
Once installed on a system, the malware monitors the actions of the victim and – when they enter their username and password into the specified social media platforms – the information is stolen. FFDroider also steals cookies and saved login credentials from the browser.
If stolen social media account credentials are linked to a business account, the malware also seeks out billing information, potentially enabling the attackers to steal bank payment details.
The attackers could also use compromised Facebook or Instagram accounts of businesses to run malicious advertising campaigns, take control of additional accounts, steal more payment details, or spread the malware further.
Social media accounts hold a lot of personal information and stolen details are a prime commodity for cyber criminals who can exploit the data to commit fraud themselves, or sell to others on underground forums.
To stay safe from this particular campaign, people should be extremely wary of unexpected emails claiming to offer free software – especially if that software is something that usually must be paid for, as that’s often a clear sign that the download link can’t be trusted.
It’s also helpful to apply multi-factor authentication across all social media platforms, as this helps to stop attackers from accessing accounts, even if they have the right password. In any situation where you think your password might have been stolen, you should change it immediately.