Security News > 2022 > April > New FFDroider malware steals Facebook, Instagram, Twitter accounts
A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims' social media accounts.
Like many malware families, FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites.
Once launched, the malware will create a Windows registry key named "FFDroider," which led to the naming of this new malware.
The malware reads and parses the Chromium SQLite cookie and SQLite Credential stores and decrypts the entries by abusing the Windows Crypt API, specifically the CryptUnprotectData function.
Instead, the malware developers are focusing on stealing credentials for social media accounts and eCommerce sites, including Facebook, Instagram, Amazon, eBay, Etsy, Twitter, and the portal for the WAX Cloud wallet.
If authentication succeeds on Facebook, for example, FFDroider fetches all Facebook pages and bookmarks, the number of the victim's friends, and their account billing and payment information from the Facebook Ads manager.
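The registry key named "FFDroider" mentioned above is an indicator defenders can hunt for in endpoint telemetry. The following is an added example, not code from the original article: it scans registry events exported as JSON lines, assuming Sysmon-style field names (`EventID`, `Image`, `TargetObject`), and all sample events are constructed.

```python
import json

# Key name reported on the page. The page gives no full registry path, so the
# match is on any path component instead of a fixed location.
INDICATOR = "ffdroider"
# Sysmon RegistryEvent IDs: 12 create/delete, 13 value set, 14 rename.
REGISTRY_EVENT_IDS = {12, 13, 14}

# Constructed sample events, one JSON object per line. Hosts, SIDs, images and
# parent keys are invented; only the key name "FFDroider" comes from the page.
SAMPLE_EVENTS = r'''
{"EventID": 12, "Computer": "ws-01", "Image": "C:\\Users\\a\\Downloads\\setup_crack.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Example\\FFDroider"}
{"EventID": 13, "Computer": "ws-01", "Image": "C:\\Users\\a\\Downloads\\setup_crack.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Example\\ffdroider\\SampleValue"}
{"EventID": 13, "Computer": "ws-02", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1002\\Software\\Google\\Chrome\\BLBeacon\\version"}
{"EventID": 12, "Computer": "ws-03", "Image": "C:\\Tools\\notes.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1003\\Software\\FFDroiderNotes"}
{"EventID": 1, "Computer": "ws-03", "Image": "C:\\Windows\\System32\\findstr.exe", "CommandLine": "findstr FFDroider report.txt"}
{"EventID": 12, "Computer": "ws-04", "Image": "C:\\trunc
'''


def find_ffdroider_keys(lines):
    """Return (computer, image, key path) for registry events touching the key."""
    hits = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed records
        if not isinstance(event, dict):
            continue
        if event.get("EventID") not in REGISTRY_EVENT_IDS:
            continue  # only registry telemetry is relevant to this indicator
        target = event.get("TargetObject", "")
        # Exact, case-insensitive match on a path component, so a key such as
        # "FFDroiderNotes" is not reported.
        components = [part.lower() for part in target.split("\\")]
        if INDICATOR in components:
            hits.append((event.get("Computer"), event.get("Image"), target))
    return hits


if __name__ == "__main__":
    for computer, image, target in find_ffdroider_keys(SAMPLE_EVENTS):
        print(f"{computer}: {image} touched {target}")
```

The `Image` field of each hit identifies the process that created or wrote the key, which is the starting point for tracing the downloaded file that launched it.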