Our social media accounts are the target as hackers try to steal passwords.

Zscaler cybersecurity researchers are warning about malware, nicknamed FFDroider, that steals usernames, passwords and cookies from infected Windows computers.

This malware can steal passwords for Amazon, eBay and Etsy accounts but primarily focuses on stealing the login credentials for social media websites, including Facebook, Instagram and Twitter. FFDroider can also steal cookies from Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge browsers. 

This trojan malware can be used to:

  • take control of accounts
  • steal personal information
  • commit fraud against victims
  • hack other accounts, if the same email and password are used to access them.

Zscaler has observed “multiple” campaigns related to FFDroider, which it says are all connected to a malicious program embedded in cracked versions of installers and freeware.

Firstly, to keep from being detected after being installed, FFDroider disguises itself as the messenger application Telegram. If you’re not a Telegram app user, and discover this app in your folder, you’ll know why.

Secondly, once in and undetected on the system, the malware monitors what the victim does. When the victim enters their username and password for Facebook or Twitter, that information is stolen.

Meanwhile, FFDroider also steals information saved to the browser, such as cookies and saved login credentials.

Above all, if the social media account is for a business and takes payments, the malware will also look for banking information, so attackers may be able to steal bank payment details.

In addition, a compromised social media account could be used to

  • run malicious advertising campaigns
  • steal more payment details
  • or spread the malware further

Stolen details are a prime commodity for cyber criminals, especially those from a social media account that holds a lot of personal information. Criminals can use the data to commit fraud or sell the information on the dark web. Either way, it spells trouble for the victims.

Firstly, to avoid falling victim to this malware campaign, you should take extreme care if offered any free software downloads via email. Most software must be paid for, and not much is free, so it’s a clear indicator that the link shouldn’t be trusted.

Secondly, it’s a good idea to apply multi-factor authentication across all your social media platforms.

That way, even if the attackers have the right password, they need another code from your device if they want to get into your account.

And lastly, if you suspect your password has been stolen, change it immediately.

Just taking these simple steps will help you avoid becoming a victim.
