New FFDroider malware steals Facebook, Instagram, Twitter accounts


A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims' social media accounts.

Researchers at Zscaler have been tracking the new info-stealer and its spread and published a detailed technical analysis today based on recent samples.

Like much malware, FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites.

When installing these downloads, FFDroider will also be installed, but disguised as the Telegram desktop app to evade detection.

Once launched, the malware will create a Windows registry key named "FFDroider," which led to the naming of this new malware.

The Zscaler researcher has put together an attack flow chart illustrating how the malware is installed on victims' devices.

FFDroider's infection and operational flow (Zscaler)