[MART] - Daily Diary #488 - New FFDroider Trojan Steals Social Media Accounts

CTAS-MAT ctas-mat at appgate.com
Fri Apr 8 20:50:13 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

04/08/2022 - Diary entry #488:

Recently, a new Windows-based info-stealer Trojan, FFDroider, was disclosed. FFDroider is distributed via software cracks, freeware applications, games, and other files downloaded from torrent sites. On the infected system, FFDroider is installed disguised as Telegram, the instant messaging application.

FFDroider focuses on stealing cookies and login credentials from social media and e-commerce sites by parsing Chromium's SQLite cookie store and SQLite credential store. It stores and decrypts the entries using the Windows Crypt API to obtain cleartext usernames and passwords, which are then exfiltrated via an HTTP POST request to the C2 server.

In addition to stealing credentials and using them to log into accounts, this Trojan can download and run additional modules to perform other credential exfiltration techniques and deploy more sophisticated attacks. Although it isn't clear what modules the attackers have already coded, this capability can be used to deploy RATs, botnets, exploits, and even ransomware.

This malware is another example of why users should be careful when downloading software (or software cracks) from unknown sources. Downloading software carries a potential risk for your data and your computer. FFDroider is just one of many pieces of malware that can be downloaded as a trojan horse.

Kind Regards,
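
A detection sketch for the behaviour described in this entry, added here as an example and not part of the original post: it flags file-access events where a process that is not a known browser running from its expected install directory opens a Chromium cookie or saved-login database. The event field names (`image`, `target`), the browser allow-list, and the sample events are constructed assumptions; real telemetry would come from file-access auditing or an EDR.

```python
import ntpath
import re

# Chromium profile files that hold cookies and saved logins.
STORE_RE = re.compile(
    r"\\User Data\\[^\\]+\\(?:Network\\)?(?:Cookies|Login Data)$", re.IGNORECASE)

# Assumed allow-list: browser image name -> directory it is expected to run from.
BROWSERS = {
    "chrome.exe": r"\google\chrome\application",
    "msedge.exe": r"\microsoft\edge\application",
    "brave.exe": r"\bravesoftware\brave-browser\application",
}

def is_expected_browser(image):
    """True only if both the image name and its install directory match."""
    path = image.lower()
    fragment = BROWSERS.get(ntpath.basename(path))
    return fragment is not None and ntpath.dirname(path).endswith(fragment)

def suspicious_accesses(events):
    """Return events where a non-browser process touches a credential store."""
    return [e for e in events
            if STORE_RE.search(e["target"]) and not is_expected_browser(e["image"])]

PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    # Legitimate browser reading its own cookie store.
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": PROFILE + r"\Default\Network\Cookies"},
    # Binary posing as a messaging app reading saved logins.
    {"image": r"C:\Users\alice\Downloads\telegram.exe",
     "target": PROFILE + r"\Default\Login Data"},
    # Browser name, but running from a temp directory.
    {"image": r"C:\Users\alice\AppData\Local\Temp\chrome.exe",
     "target": PROFILE + r"\Profile 1\Cookies"},
    # Legitimate browser reading a file that is not a credential store.
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": PROFILE + r"\Default\History"},
]

if __name__ == "__main__":
    for hit in suspicious_accesses(SAMPLE_EVENTS):
        print("ALERT:", hit["image"], "->", hit["target"])
```

Matching on the install directory as well as the image name matters because a dropped binary can carry any file name, including a browser's.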